Complete Computer & Mobile Device Security Information

Last Updated: 12/20/2019 - Optimized for Firefox 71.0 (Quantum) - PLEASE SHARE

COPYRIGHT 1987 thru 2019 - David R. Woodsmall - www.woodsmall.com

** CLICKING ONCE on a Desired, Listed subject will take you to that information **

WHAT DO DO IF YOUR SYSTEM IS INFECTED
COMPUTER SECURITY TUTORIAL - START HERE
RECOMMEDATIONS FOR COMPUTER SECURITY
Complete SLOW Windows COMPUTER & Slow BROWSER FIXES


** ALERTS - WINDOWS (all recent versions) VULNERABILITIES **| Account - PROTECT THEM| Advisories, Microsoft | Advisory Sites / Databases | Advisories, Specific | Advisories by OS, Product, & Vendor | ALERTS - NEWLY SEEN | ActiveX | ADOBE | Ad Trackers (cell phones) | Adware Detectors | AIX | Android | Anomynity - be anonymous| Anti-Malware Reviews |
Anti-Virus Checker Reviews| ANTI-KEY LOGGERS | Apache | Apple Computers | Apple Malware | Articles / News | AURORA Exploit | Backdoors | Backups | BANKING Online | BEGINNER'S GUIDE | Beladen | Best Anti-Malware Suites | BetterPrivacy - Flash Cookies | BHO - Browser Helper Objects | BIOS Passwords | BlackBerry Vulnerabilities | Black Listed Web Sites (Malware) | Blended Threats | Bluetooth Vulnerabilities | Books - Security, Malware, Rootkits, Spyware, Trojans, Viruses,... |
BOOT CDs / Floppies | Booting - What programs run? | BOOT LOGGING | BOOTING SAFE MODE | BOOTKITS | BOOT VIRUSES | BOTs / BOTNETS / ZOMBIES| BOTs - Recently spotted | BREDOLAB BOT/TROJAN | Browser Hijacking | Browser REDIRECTION | Browser Security | Browser - Surf more Safely | Browser Vulnerabilities | BUGS / Recalls / Scams / Warnings / Fraud| Business Data Security | Carbon Monoxide |
CCleaner | Cell Phone Malware | Cell Phone Security | CERT | Certificates | Check your Password | Check your PCs Vulnerabilites| Chip and PIN HACKS | CISCO | Cleanup your computer & disk | COMPLAINTS | Compression / Decompression | Conferences & Papers | Computer LANGUAGES | CONFICKER / Downadup | COOKIES | Copy Protection (DRM) | Cordless Phones | CPU HOGS - Tame them | CRAMMING | CrapWare Removal | Credit Cards | Cross-Scripting | DATA BREACHES |
DATA BREACHES - Specific Sites| Data Held for Ransom | Data in Motion | DB, SQL,... Vulnerabilities| DHCP Attacks | DNS Attacks | DNS CHANGER MALWARE | DO NOT CALL PHONE LIST | DoS - Denial of Service | Downloads | Downloaders | Drive By Downloads | DRM-Digital Rights Management | DropBox / DropSmack vulnerability | Electronic gadgets infected | EMAIL security | Email Viruses | EMULATION (WINE,...) | ENCRYPTION | Encryption Flaws |
ETHERNET / 802.11 (other - security topics not covered elsewhere) | EULA | Events | EXCEL Attacks / Flaws | Facebook / Twitter / etc. | FAX HOAXES / MALWARE | Fibre security problems | FILE RECOVERY / UNDELETE | File Systems - ALL | Firefox / Mozilla | FIREWALL Information | FIREWALLS, HARDWARE | FIREWALLS, LINUX |
FIREWALL, SOFTWARE | FIREWALL - TEST your (free) | Flash Cookies Delete | Flash Cookies Information | Flaws / Vulnerabilities - Software | FREE Security Programs | FREE Virus Checkers | FREEZE YOUR CREDIT TO PREVENT THEFT | FTP - Vulnerabilities | GLOSSARIES - Malware | GLOSSARIES | Glurges | Google & Google Desktop | Government, Federal & Official Help | Gpcode - Data Ransom | GPS Stalkers can find your You & your Child |
GRAPHICS can run malicious code | GSM Vulnerabilities | Gumblar blended threat | HACKED Data - Latest Sites |
HACKERS, Anti | HACKS - Hacked Sites and Techniques | Hardening Linux | Hardware Diagnostics | Hardware, Protecting your | HDDs - ATA, EIDE, ESATA, IDE, SATA, SATA IO, SAS, SCSI, XSATA | ***** HEARTBLEED - WORLD'S LARGEST DATA BREACH - APRIL 10th 2014 ***** | HELP SITES (get help) | HIDS - Host Intrusion Detection System | HiJackThis | HOAXES | Home Computer Security Specifics |
your HOME SECURITY | HOSTS file | HTML Injection | I AM USING THESE PROGRAMS TO PROTECT MY COMPUTER | Identity Theft | IDS - Intrusion Detection System | IM - INSTANT MESSAGING | INTEL | INTERNET EXPLORER | Intrusion Detection Languages / CISL | Intrusion Prevention | IP Abuse | IP Address - Where is it Located and who owns it? | IP Filters / Filtering | iPhone (Apple's) | IP Management | iPOD | IPS |
IP Security Abuse / Problems | ISO IMAGES | ISO 17799 & ISO17799 | iTunes | iWORM | JAVA and J2EE Security | JAVA CONSOLE VERSION | Javascript Hijacking | Keyjacking | Keyloggers - FOOLING | Keylogging | LinkScanner-Safe Link? | Linux Firewalls | Linux ROOTKITS | Linux Security | Linux Virus Checkers | Locked Files? - Delete? | LOG FILES - LINUX | MAC Address | MAC / OS X |
Malware | Malware Alerts | Malware - Apple / MAC / iPad / iPhone / IOS | Malware - How some Malware works | MALWARE REMOVERS (antiMalware, antiSpyware)- REVIEWS | 2014 | 2013 | Malware - Remove Specific | Malware - Remove Unknown |
Malware - Other Removers | Man in the Middle - attack | MD5 | Media Player Vulnerabilities | Messenger Service Spam | Microsoft - NON-Windows | Mobile Malware / Viruses | NAT | Network Security | NEWS Sources - Security| NIDS - Network Intrusion Detection System | Nine Ball | NoScript - Firefox add-on |
Novell security issues | Online BANKING | Online Malware Checkers | Open Office | Open Source anti-virus | Open Source Vulnerabilities | Oracle | Organizations - Anti-Malware | Outlook / Outlook Express | Overwriting Viruses | PASSPORTS with RFID |
PASSWORDS - BIOS | Password Strength Checking | Password Stealing | PASSWORDS - Generate Strong | Password (Key) Safes | Passwords - Tips/Encrypted | PASSWORDS - WINDOWS | Patching | PDA Viruses | PDF Vulnerabilities | Pharming | Pharming, Drive by | Phaxing | Phishing | Phones - Cell, Wireless,... | Photograph SCAMS / Doctored | Popup STOPPERS |
Port Knocking | Port Number Assignments | Port Stealth Mode | PowerPoint Problems | Privacy | Privacy Policy | Programming Vulnerabilities | Psyb0t or Bluepill Worm | PUP - Potentially Unwanted Programs | QuickTime | RAM SCRAPERS | RANSOMWARE |
REBATE PROBLEMS | RECOMMENDATIONS for Securing your PC | RECOVERY / RESCUE DISK - WINDOWS | RECOVERY / RESCUE DISKS - LINUX | REFERENCES | RFID | REGISTRY - Windows File | REMOVING Specific Spyware/Malware | Road Runner Security
Root-kits - Detect Them | ROOTKIT REMOVAL | Rootkits - LINUX | Root-kits in the News | ROUTERS Flaws/Problems | SONY's use of Root-kits | SAMBA | SAFE MODE BOOTING | SCAMS | SCAM RESOURCES - Is it really a SCAM? | SCANNERS, Malware | SECURE CONNECTIONS | Secure Connections Vulnerabilities| SECURITY CHECKING | SECURITY PROBLEMS |
SECURITY, REFERENCES | SECURITY, SOLUTIONS | Shellshock BUG - nasty - Linux / Unix / OS X / Routers - NOT Windows | SIEM / SEM / SIM | SiteAdvisor (McAfee) | Shopping Safely Online | SKYPE Security issues | SLAMMING | SLOW COMPUTER/BROWSER FIXES| Smart Phones (all) | SMiShing | SNMP | SONY's USE OF ROOT-KITS | SPAM |
Spear-Phishing | SPIM - SPAM In IM | Spoofing | SPYWARE | SQL Injection | Stagefright Android MMS Hack | STALKERS easlily get Child's BEDROOM/Playground location|
Storage Security | SYMBIAN | TERRORISM, anti | Thunderbird | Tripwire | TROJANS | Trojan Removal Tools | Unix Security | USB Security | VANDALS | Vibrant Media - Malware | Virtualization |
VIRUS INFO - Complete | VIRUS MELT Removal | Vishing | VISTA | VML & Markup Languages | VOIP / IP Security | VULNERABILITIES | Waled Malware | WAP | Watering Hole Attack | WEP - not secure |
WEB BUGS | WEB / Internet Security | WEB PAGE Security | WEB, IP & EMAIL ABUSE - White Papers | What Windows Programs Run at STARTUP / BOOT ? |
What is that Windows Program running in the BACKGROUND? | White Listed Web Sites (Safe) | White Papers | Wi-Fi SECURITY | Windows free Security Updates from Microsoft | Windows Media Players Problems | WINDOWS (all recent versions) VULNERABILITIES | WINDOWS TIPS | WINDOWS UPDATING - How to |
Wireless (CORDLESS) Phones | WIRELESS / Wi-Fi SECURITY | WireLurker | WORD / .DOC files | WORMS | WOT | WPA | WPA2 | x64_AMD (EM64T) (64Bit) Protection | Xen Vulnerabilities | XML Vulnerabilities | XP Security | Zero-Day Attacks (Microsoft Office - Excel, Power-Point, Word) | ZOMBIES / BOTs | Zone Alarm - Free software FIREWALL | OTHER RESOURCES | OTHER INFORMATION |

Programming Language Vulnerabilities

AJAX Vulnerabilities | C# Vulnerabilities | PYTHON Vulnerabilities | RAILS Vulnerabilities | RUBY Vulnerabilities |

Beginner / Newbie Steps to Protect Your Computer Data

As long as you connect to the Internet (browse, eMail), your computer is not safe. Running NON-Windows (MAC or Linux) increases your computer safety, BUT gives your fewer choices to protect, clean-up your computer (my opinion) and, more importantly, fewer choices in Applications. 1] How to protect your computer and it's data A] PASSWORDS 1) Do not pick easily discovered passwords. 2) Set the Administrator password - DO NOT EVER FORGET THIS. 3) You may wish to add a Boot up (also called a hard drive or BIOS) password - DO NOT EVER FORGET THIS - If you have a laptop (mobile computer) or other unknown people could get at your computer. You will have to look up this procedure in computer or motherboard owner's manual. 4) Do not pick simple passwords - combine upper case lower case and symbols. 5) Make passwords at least 10 characters in length 6) Do not use birthdates, names of relatives or pets as part of your password. 7) Do not use words found in a dictionary as passwords nor as part of passwords. 8) Submit your password here, to find out how strong is the password. Generate Secure Passwords here 9) Consider using a free password (key) SAFE to protect your passwords. (Symantec) Norton's 360 includes: Identity (password) Safe B] Always keep your Operating System (usually Windows?) up-to-date. NOTE: Microsoft generally releases updates on the SECOND TUESDAY of the MONTH. C] Always run a good anti-virus and a good anti-malware program(s). Norton 360 combines these and other needed protection. ALWAYS keep these up-to-date. Again for 2011, 2010, 2009 & 2008, PCWorld and I suggest (Symantec's) NORTON 360. Note - it is very fast, these days. D] Always keep your applications up-to-date (Word, Excel, PowerPoint, Adobe Reader, JAVA... E] You really should use a (they are cheap) Hardware Firewall. You may already have one. F] EMAIL - do not open emails from unknown persons. Do not open any email attachments, UNLESS you are expected it, from that person. For more EMAIL security information I suggest using a keyword on YOUR outgoing emails that contain attachments - this shows that you, not a virus, actually sent the attachment. Let your correspondents know what keyword you use. For more EMAIL safety tips, click here G] You should use a Software Firewall to prevent bad programs from sending your data back to their home. I suggest the one included with NORTON 360. I do prefer ZoneAlarm's software firewall, but I'd rather not have Norton trying to nicely interact with an other software firewall. H] I strongly advise using Firefox 70.0.1 (Quantum) (or later) WITH NoScript and BetterPrivacy (to squash Flash Cookies) as a Browser. If you want to use Internet Explorer, use IE 13 (or later). NOTE Firefox 70.0.1 (Quantum) was released - I AM using it. I] I suggest using Mozilla's THUNDERBIRD as an email program rather than any Microsoft email program - I believe it is much safer. Thunderbird Version 60.9.0 (was released - I use it). J] I suggest setting your browser to remove Cookies after you shutdown the browser. This is usually an option of the web browser. K] I suggest (automatically) deleting ALL temporary files when you shut windows down. CCleaner is both good and free - I've used it for many years. Latest version 7/29/2019 = Version 5.60.7307 (64-bit Win 8.1) I have used this for Windows XP, Windows 7/7.1, Windows 8/8.1, Windows 2008, Windows 2003 32 and 64-bit versions. I have never had a problem with the FREE CCleaner (have not used the PRO version). WARNING: Versions 5.33 to just under version 5.34 are probably INFECTED with MAILWARE. Versions 5.34 and Later should be FINE. GET THE FREE, UNSUPPORTED VERSION OF CCLEANER I also HIGHLY recommend the free CCleaner for fixing REGISTRY problems. If CCleaner finds any Registry Problems, it will ask if you want to backup the Registry prior to making the fixes - YES - ALWAYS BACKUP PRIOR TO MAKING CHANGEES TO THE REGISTRY. USING CCLEANER TO FIX REGISTRY PROBLEMS - Use the Free, unsupported version This is NOT the same technique for ccleaner to remove unneeded files. This simple procedure will make your Windows computer run faster & more reliably 1) Run CCleaner (download the FREE [STANDARD] version) - Click HERE 2) Click on REGISTRY (an icon on the left side of the CCleaner window) 3) Ensure that ALL little Registry Boxes have check marks in them 4) SCAN FOR ISSUES (click on this "button" - bottom of window, left of center) 5) If it finds any issues, Click on FIX SELECTED ISSUES (ALL issues) 6) DO You want to backup changes to the registry - YES <<<< always back it up 7) You can optionally change the name of the backup file 8) FIX ALL SELECTED ISSUES 9) when done, click on CLOSE 10) REBOOT your computer (so the fixes can take effect) CCLeaner also allows you to: 1) List all programs that run at system startup and allows you to prevent un-needed applications from running at Startup. 2} Allows you to restore earlier System Saves (Checkpoints). Five tips for using CCleaner to degunk your system - techrepublic Putting Registry-/system-cleanup apps to the test CCleaner - DOCUMENTATION CCleaner - FORUM You may also wish to peruse my WINDOWS TIPS and SYSTEM STARTUP INFORMATION. You may also wish to peruse my REGISTRY INFORMATION. L] personally. I don't use any form of IM (Instant Messenger), as I believe that they pose a security risk - it's up to you. M] Make your file extensions visible - this helps prevent accidentally executing a piece of Malware. Open Windows Explorer or any folder window and click: Tools->Folder Options->View Ensure that the option Hide file extensions for known file types is UNchecked. Disable hidden filename extensions Files that are executable (such as .com, .cmd .exe,...) are more dangerous than others. Click here for more information N] Turn of the Windows Messenger Service - this is NOT the same thing as an Instant Message, and has nothing to do with Instant Messages. If this is on, Malware can take control of your computer. O] Turn off JAVA (I use NoScript to do this task) in your web browser. Even Microsoft recommends DIS-allowing unknown sites to use JAVA. This may cause some websites to not run correctly. NoScript lets you allow specified sites to run JAVA OR other scripting languages. P] Turn OFF JavaScript (I use NoScript to do this task) in your web browser. Even Microsoft recommends DIS-allowing unknown sites to use JavaScript. This may cause some websites to not run correctly. NoScript lets you allow specified sites to run JavaScript, and other scripting languages. Q] Click here for more BEGINNER's / NOVICE / Impoving computer seccurity guides R] DISCONNECT FROM THE INTERNET WHEN NOT USING IT If your cable modem has a switch that disconnects the modem from the Internet (your ISP), consider disconnecting from the Internet when you are not actually using the Internet (I do this). This prevents attacks on your computer when you are not using it. Newer Motorola cable modems have this disconnect switch. DO NOT TURN OFF YOUR INTERNET MODEM IF YOU USE VoIP for a phone connection - such as Vonage, or Time-Warner's Digital Phone, or SKYPE - as this will disconnect your phone(s). S] Backup your computer - this is not very expensive these days. 2] What to do if you think you have a virus or Malware on your computer. 3] Identity Theft preventiuon and information

ACCOUNTS - PROTECT THEM

JPMorgan hack: 5 secrets to [Help] keep scammers out of your accounts PICK COMPLICATED, STRONG PASSWORDS FREEZE YOUR CREDIT - Prevents new credit from being issued Lessen the chances of Wi-Fi hacking YOUR computer / phone

ActiveX (Microsoft's)

Microsoft FINALLY fixing ActiveX bug - Tuesday 7/14/2009 Symantec confirms ActiveX bugs in its own consumer software - 4/4/2008 CLICK HERE for more information about ActiveX NoScript - a free Mozilla Firefox Extension, blocks Cross-site Scripting (XSS)

ADOBE Security Issues

Adobe Flash Player 21.0.0.213 was released on April 23, 2016 Adobe AIR adobe air version 24.0.0.180 12/29/2016 Adobe Reader XL 11.0.9 was released More information about PDF vulnerabilities may be found HERE

AD Trackers - cell phones - STOP THEM

The easiest way to stop most of these targeted ads on your cell phone is to simply turn off the GPS, which is what you should probably do most of the time anyway - only turn it on when you need to use a GPS (maps, nearby retail stores,...). NOTE THAT PHOTOS OF YOUR CHILD TAKEN WITH YOUR PHONE WITH GPS ON IT WILL TELL PEOPLE EXACTLY WHERE SHE WAS - NOT AT ALL SECURE [it is possible to remove location data from JPGs and other Digital pictures]. Stop those ad trackers on your smartphones! - Komando.com

ADWARE / SPYWARE Detectors / Removers / Anti

Ad-Aware 2008 Free - anti-Spyware & Privacy risks - PCWorld Best Free Adware/Spyware/Scumware Removers - techsupportalert.com Ad-Aware Personal - downloadable free of charge Lavasoft's FREE Ad-Aware - finds/deletes spyware (one of my favorites) also removes Cookies REMEMBER TO OCCASIONALLY CHECK FOR UPDATES TO Ad-Aware NOTE: Support for Ad-Aware 6 has EXPIRED 10/30/04 NOTE: AdAware Plus, $27, works in Real-time and Blocks installation of Spyware
AdWare GLOSSERY
Another AdWare detector contender (RUN BOTH): HOME OF SPYBOT REMEMBER TO OCCASIONALLY CHECK FOR UPDATES TO SPYBOT Update to Spybot Search & Destroy Version 1.6.0 (or later). Info on Spybot Search & Destroy 1.5.2 also removes Cookies I also occasionally use the free CWShredder - a CoolWebSearch Trojan Remover. Version 2.19 is available. If all else fails, purchase Spy Sweeper, $30/yr. Version 5.8.1 (build 51), has been released. DO NOT upgrade to 5.8.1 Build 55 - installation files seem to be corrupt, and caused me to go back to Version 5.8.1 (build 51), I am also using, purchased SpyWare Doctor - $30 They offer a free scan, but charge the $30/yr if you want to remove the pests. In my personal opinion, I prefer Spy Sweeper. NEVER download a spyware program without investigating it first (see below). Many free/for sale spyware detection programs cause you problems. 2007 Anti-Spyware Software Review 2007 Review of Webroot's Spy Sweeper 2007 Review of Spyware Doctor Today's Top Spyware & Security Stories - PC World PC Magazine picks Web Root's Spy Sweeper 5.0 - 9/25/2006 PC Magazine picks Spyware Doctor 4.0, as a close second choice PCworld picks Web Root's Spyware Sweeper 4.0 - Sept 2005 Microsoft's free Anti-Spyware program Beyond Ad-aware: Block Spyware and Other Pests Review: Enterprise Spyware Detectors - Sept. 16, 2005 The Many Faces of Spyware Tutorials -> Spyware/Hijacker/Malware Removal - bleepingcomputer Spyware Dictionary SpyWare Guide (PC World) WARNING - Lots of ANTI-SPYWARE Programs ACTUALLY INSTALL Spyware SpyWare Programs - Comparisons Eric Howes' Privacy & Security Page Benjamin Edelman C/NET's Spyware Software Download Center Spyware Info dot com The Definitive Spyware, Adware, Pop-Ups, and Malware Removal Guide MAJOR GEEKS SPYWARE DOWNLOAD PAGE Privacy Watch: Gain Extra Protection With Adware Scanner Secrets Remove Trash Apps (really insistant AdWare) - a manual method for so doing Tools to ward off SpyWare ZoneAlarm Tips
CEXX Org - seems to be an anti-AdWare site
Spyware and Adware are files made by publishers that allow them to snoop on your browsing activity, see what you purchase and send you "pop-up" ads. They can slow down your PC, cause it to crash, and worse. If you are like most Internet users, chances are you are probably infected with these files. Simply surfing the Internet, reading email, downloading music or other files can infect your PC without you knowing it. Study: Tools Let Spyware Slip Through Cracks Poor (Spyware) Defenders - PCWorld 12/2004 Spyware Wrap-Up - PCWorld - 11/03/2004 GMail Vulnerable To Contact List Hijacking (Jacking) - Slashdot More Spyware Prevention and Removal - PCWorld 10/27/2004 More on Fighting Spyware Is Distributing Spyware a Crime? - PCWorld 10/11/2004 Spyware Primer - PCWorld - 10/13/2004 Kill Spyware by Hand

Free online scan for Spyware of your PC

Free Online PestScan - Zonelabs

ANDROID

Android app security tested by malware and vulnerabilities Android app security is under attack this week with vulnerabilities in the popular app, AirDroid, and malware that steals Google account authentication tokens. Android backdoor discovered in firmware for budget devices - 11/21/2016 Stagefright exploit Metaphor exploit created with reliable ASLR bypass - hundreds of millions of Android devices are at risk - 3/2016 Every Android device is vulnerable to TWO newly discovered STAGEGFRIGHT bugs With two new "Stagefright" vulnerabilities discovered, almost every Android device ever released is vulnerable to malicious hackers. Fixing the bug isn't simple. Millions left at risk as Google's Android STAGEFRIGHT fix pushed to September, 2015 Beware of texts: More than 950M Android phones vulnerable to Stagefright MMS hack More than 950 million Android phones are vulnerable to a new hack utilizing bugs found in the Stagefright media playback tool. All a hacker needs to do is send a simple multimedia text message to gain access to private data. Android - Open Source Linux Mobile OS Android’s New Hacker Dream ADK Makes Anything an Accessory 99 Percent Of Android Devices Are Vulnerable To Password Theft 400 Percent Increase In Android Malware; Mobile Security Threats At Record High - 5/11/2011 REVIEW: Lookout Mobile Security Protects Android Smartphones - Free & Paid Keep Malware Off Your Android Phone: 5 Quick Tips Google clamps down on Android Encrypt calls on your Android device with RedPhone An Escalation in the Mobile Zombie Cookie Wars Suspicious Android Activity - wallpaper app nabs user data 2 out of 3 Android apps use private data "suspiciously" - the register Upgrading Android: A Guided Tour 88 high-level security risks found in Android operating system Data Leak Vulnerability In Android Gingerbread iPhone apps send more data with outside companies than Android apps do Android Vulnerable To Data Theft Exploit Tawkon Debuts Free Cellular Radiation App for Android AND OTHER SMART PHONES Nielsen: 32 Percent Of New Smartphone Owners Choose Android Phones Android Phone Users More Willing to Switch to iPhone, Finds Nielsen for more ANDROID Information, Click here

AIX (IBM's Unix)

IBM AIX muxatmd Buffer Overflow Vulnerability

AJAX Problems

AJAX - Emerging Security Threat #1 - Jim Raposa Ajax worm can hijack Web sites browser hijacking - JavaScript CLICK HERE for more information about AJAX

Anomynity - Remain Anonymous

Browser Fingerprinting Can ID You Without Cookies SYMPA (Send_Your_Mail_Privately_&_Anonymously) - eRightSoft.com - freeware Proxy Lists/Info Anonymity Apps: Surf in Secret - PCmagazine Nov 30, 2004 Anonymizer, Inc. American Express offered some such service starting 9/2000 - I don't know if they still do.

Articles and News about Security

Massive data breach hits 400,000 in Texas hospital system - It could happen to you too! A new study says that your iOS apps are riskier than Android ones. Unfortunately, that's not saying much! 70 percent of Android devices are vulnerable to this simple exploit Kaspersky Lab Uncovers “The Mask”: One of the Most Advanced Global Cyber-espionage Operations to Date Target-style security breach also struck Neiman Marcus and others A hacker can steal your tax refund in minutes Criminals after your refund dollars will typically use one of these five methods If you're missing your refund, it might not be stolen; it could just be late Identity theft is obviously a growing problem in this country, and it's not going away One of my employees was a victim of identity crime. You won't believe what happened to him Can't get a loan? It could be your Facebook profile If your Facebook profile can hurt your chances at a loan, why couldn't it also help them? Hackers steal $56,000 worth of YouTube ad revenue Hate your job? This app will quit for you Cage match! Syrian Electronic Army hacks Microsoft Java Runtime Environment Java 8 Update 191 CPU October 19, 2018 (I am using 8.181 - DOWNLOAD FROM THE ABOVE URL) Do NOT allow them to modify your browser settings - UNCLICK THE BOX THAT SAYS MODIFY BROWSER SETTING TO YAHOO. This Is How Easy It is For Thieves To Steal Everything In Your Wallet LINKEDIN Passwords stolen - CHANGE YOURS eHARMONY Passwords stolen 6/2012 - CHANGE YOURS VMware Breached, More Hypervisor Source Code To Come - stolen from Asian defense contractors Kaspersky: Duqu Trojan uses 'unknown programming language' Dangers of IE 'Cookiejacking': What You Need to Know A security researcher was able to collect information from Google Profiles and save millions of files Beware malicious LinkedIn invitation reminders Hackers steal Fox TV EMPLOYEES passwords, deface Twitter and LinkedIn pages Dropbox Accused Of Misleading Customers On Security - Information Week Someone May be Getting Your Online Bank Statements Facebook Apps Leak User Info. So do Linkedin? (Linkedin worm take 3) Attackers Using Google Image Search to Distribute Malware Facebook Denies Privacy Breach Allegations by Symantec Facebook Security Flub: Social Network Exposed Your Private Data to Advertisers Password Manager Service LastPass Investigating Possible Database Breach - 5/6/2011 Leaked Cables Indicate Chinese Military Hackers Attacked U.S. An Escalation in the Mobile Zombie Cookie Wars 2 out of 3 Android apps use private data "suspiciously" - the register LastPass Vulnerability Exposes Account Details If you use Firefox, NoScript could prevent this problem. Dropbox Mobile: Less Secure Than Dropbox Desktop GAO Says IRS Data Security Problems Persist 10 Massive Security Breaches Hackers breach EMC security division Since even the CIA has been hacked, this isn't as bad as it sounds, but it has got to be very embarrassing. NSS Labs Alert: RSA Breach Tests Find Security Programs Fooled by Attack Vector Symantec Finds Fake Google Security Tool Safari, IE Defeated, Chrome, Firefox Survive HACK Contest Tests Find Security Programs Fooled by Attack Vector - PCworld - 3/9/2011 Looming IPv6 transition will strain federal cybersecurity 'Ransomware' Threats Growing - 1/18/2011 Worm Planted in Fake Microsoft Security Update - do NOT respond to EMAILS from "Microsoft" Hacker Cracks Secure Hashing Algorithm Using Amazon Cloud - COST?: just $ 2.10 New Stuxnet Details Point Specifically to Nuclear Targets New, readily available software (FireSheep) allows bad people access to your accounts over unsecured WiFi connections. Facebook Privacy Fail: Apps Leak Private Info, Report Zeus Botnet Targets Charles Schwab Clients Apps Going Viral: When Your Smartphone Gets Hacked Black Hat Warning: ATMs At Risk 'App Genome Project' Exposes Potential Smartphone Risks Hackers Deflate Auto Tire-Pressure Sensors Touchscreen Smudges Pose Security Risk Java Runtime Environment 8 Update 191 was Released UNFORTUNATELY, Java 6, Updates 31 through 37 are VULNERABLE - you should DISABLE them You can get a virus by using the F1 key AND Internet Explorer Energizer Battery USB charger blamed for backdoor Trojan Your cell phone may be sending your conversations to other people Hackers exploit The Oscars to spread scareware attack How Wi-Fi Attackers Poison Browsers - PCworld - Feb 6, 2010 Scammers Hop on iPad Bandwagon Utilities To Bolster Smart Grid Cybersecurity Conficker virus STILL AROUND - outbreak at Greater Manchester Police Bill Cosby hasn't died, but hackers take advantage Microsoft: UAC Can Be Hijacked by Social Engineering Botnet Floods Major Websites With Fake SSL Connections Hack On Iowa Racing/Gaming Unit Jeopardizes Data Of 80,000 Employees PGP Corporation Acquires TC TrustCenter & ChosenSecurity Fake Microsoft Outlook Update Installs Trojan, then fakes SSL connections Browser Fingerprinting Can ID You Without Cookies Personal Data Of 77,000 At Risk As Data Is Lost In Alaska 49 Congressional Websites Hacked By Brazilian 'Red Eye Crew' Computer Theft Adds Up To $7 Million For Blue Cross Of Tennessee Identity Thieves Successfully Targeting Wealthy Victims, Study Says Many Voice Encryption Systems Easily Crackable Sophos Security Threat Report 2010 Researcher Cracks Security Of Widely Used Computer Chip Majority Of Online Banking Customers Use Same Credentials On Other Less-Secure Websites Researches hack the connection between Web App and it's database BM ISS Researcher Exposes Holes In Cisco's Internet Surveillance Architecture ITRC Report: Malicious Attacks Are Now More Frequent Than Human Error BBB ranks top 10 scams of 2009 10 email scams to watch out for FBI Probes Hack at Citibank Hackers exploit Tiger Woods car accident, spread malware Sexy spamming girls steal World of Warcraft passwords Data leaks could lead to big fines for companies in future Ants Vs. Worms: New Computer Security Mimics Nature room service tidies his hotel room they might do something rather more sinister Verizon and Vodafone credit balance emails carry malware Fake Verizon 'balance-checker' is a Trojan Nasty Gmail Bug Erroneously Marks Unread E-mails As Read Microsoft: Worms Are Most Prevalent Security Problem Fix Old Flaws to Stop New Attacks - Intro Fix Old Flaws to Stop New Attacks Nasty Halloween Trick: Fake Antivirus Sites GET Sophos Free encryption tool (ALL Windows OSes) (I have NOT tried it) Sidekick Data Loss: T-Mobile's Unending Nightmare Comcast Testing Virus Notifications to Infected Users - 10/9/2009 Phishing Scheme Almost Catches FBI Chief Download the free Microsoft Antivirus program Microsoft's New Free Antivirus Hits the Streets - 10/2009 Website exposes sensitive details on military personnel New Adobe Flash Player version 21.0.0.213 has been released The latest version of Flash Player is 21.0.0.213. Sneaky New Virus (Anti-Virus-1) Spreads via Ads - eWeek.com was hacked NoScript probably would have prevented the above problem Anti-Virus-1 REMOVING Anti-Virus-1 - bleepingcomputer.com Hackers exploit unpatched Adobe Reader bug Permanent fix needed for DNS security issues, Kaminsky warns at Black Hat CWE/SANS TOP 25 Most Dangerous Programming Errors Integrity-178B OS is designed and certified to defend against sophisticated attacks Keeping an Eye Out for the Sinowal Trojan Space station computer virus raises security concerns New techniques hide PDF malware - Microsoft Windows Vista ... - Apr 29, 2008 Finjan Finds Database of 8,700 Stolen FTP Credentials new push from the government to make it legal to snoop through anybody's e-mail UPS/FedEx Delivery Failure Webroot's Spy Sweeper version 5.8.1 (build 51) has been released (update site) Scam centers on voter registration Latest Microsoft XP updates (July 8, 2008) seem to have killed ZoneAlarm Pro. I have had to de-activate (7/9) ZoneAlarm Pro in-order-to get any Internet access. ZoneAlarm Pro 7.0.483.000 fixed the above Internet access problem. Expect iPhone, Fourth of July scams, security firm says Trojan lurks, waiting to steal admin passwords Microsoft Security Intelligence Report (July - December 2007) Webroot's WINDOW WASHER Version: 6.5.5 (build 153) was released 5 News Cisco Vulnerabilities for PIX and ASA What is JS/Psyme (and How to Get Rid of It) Skype File URI Code Execution Vulnerability Symantec Backup Exec System Recovery Manager Directory Traversal Cyber-crooks switch to dynamic code obfuscation to avoid being detected Apparently Zone Alarm & Other Malware Detectors are giving False Poisitives to break into a computer's encrypted hard drive? Just freeze the machine's memory chip computer virus recently discovered on digital photo frame RINBOT - New computer virus attacks business networks Spyware Horror Story: Toxic Wine - A WINE Virus effecting Linux systems Symantec confirms ActiveX bugs in its own consumer software - 4/4/2008 Stripping Away Malware's Armor Major Linux security Hole Found VALENTINE's DAY (2/14/2008 & 2009) STORM WORM COMING Why UAC will not work - users logged in NOT as root/administrator will NOT stop malware Smart Ways to Use Mozilla Firefox free AVG Anti-Root All Privacy & Security Downloads - PC World CES: SentrySafe's Water- and Fireproof Backup Drive guerrillamail - disposable e-mail addresses which expire after 15 Minutes FTC Stops Explicit Popups Zone Alarm Pro Version 7.0.462.000 has been released AJAX - Jim Rapoza's 10 Emerging Security Threats #1 Google APPs - Emerging Security Threat #2 - Jim Raposa Mobile devices & Applications - Emerging Security Threat #3 - Jim Raposa RFID - Emerging Security Threat #4 - Jim Raposa Rich Internet Applications - Emerging Security Threat #5 - Jim Raposa RSS - Emerging Security Threat #6 - Jim Raposa Social Networks - Emerging Security Threat #7 - Jim Raposa Virtual Worlds - Emerging Security Threat #8 - Jim Raposa Virtualization - Emerging Security Threat #9 - Jim Raposa VOIP - Emerging Security Threat #10 - Jim Raposa Security Researcher Finds Flaw in Windows Media Player Critical vulnerability found in Ask.com toolbar Symantec Launches Norton AntiBot as Public Beta the electronic trail briefly left in a computer server's RAM must be turned over as evidence News Analysis: Security Appliance Vendors Blase About CSRF Flaws BitDefender's top malware chart for May 2007 Sony pleads innocent in latest rootkit fiasco Phishers Play Top 40 AT&T Introduces Pay-For-Play Parental Controls for Cell Phones E-voting predicament: Not-so-secret ballots Windows Patch Caused Crash, Skype Says U.S. Government Threatens Retaliation Against States who Reject REAL ID Would You Like A Job With That Virus? Just Say "No Thank You" to Data Disclosure Microsoft limits search data retention, to a point Symantec Bats Botnets with New Tool Fox News server found unsecured What Are All Those .DAT Attachments? Fraudsters Use Charities To Prep Stolen Credit Cards For Sale Phishing.gov? enVivo!CMS Vulnerability Mpack installs ultra-invisible Trojan Red Cross Scam Targets Military Families Apple Shuts Down IPv6 Security Hole MPack Trojan Attack Claims 10,000 Web Sites - 6/18/2007 ANI Trojan Sticks It to Tom's Hardware - patch was available 12 Ways to Be A Security Idiot - 12 Slides Microsoft Urges Workaround as Worm Hits Unpatched DNS Flaw Make your computer HEAVY and risk of it being stolen is greatly reduced. WEP can now be cracked in less than ONE MINUTE More Cisco Flaws - 4/7/2007 Be very careful about opening ".HTA" (Hypertext-Application) Files: New Sysinternals tools from Microsoft Kill Spyware by Hand Gozi Trojan leads to Russian data hoard - account information of thousands stolen Microsoft Investigates IE 7 Vulnerability Over 50% of infections detected in February were spyware and ... - HNS Can a Rootkit Be Certified for Vista? Does you computer make strange sounds at unpredictable times? Microsoft's OneCare Finishes Last in Anti-virus Tests What's Bugging eBay? Viruses Attacking USB Devices CERT - Home Network Security Information CERT - Home Computer Security Blocking Sites that send you ads CBC News Indepth: Computer security - How safe is your computer? Researchers say they peeled The Onion Router The Encyclopedia of Computer Security History of Computer Security weakest link in the security chain: executives who work at home VML vulernability - MS fix is out - can be infected just by viewing a Web page Vista Aims to Stop Hackers' Social Engineering Ploys Acer Preloaded Vulnerability - 1/16/2007 Exploit Released for Critical PC Hijack Flaw that Microsoft thought it had just fixed Opera users need to update to version 9.10 in order to eliminate two threats. Media, Tech Firms Probe Possible High-Def DVD Hack Don't Get Sucked Into Someone's Criminal Schemes DEP/NX has been included in CPUs for years to prevent malware attacks, but turned OFF Gift Card Fraud Rumors and Reality IE 7 Cautionary Tale MySpace worm uses QuickTime for exploit Cracking the BlackBerry with a $100 Key EveryDNS, OpenDNS Under Botnet DDoS Attack See GIFT CARD FRAUD WARNING Exploit Code Published for Apple OS X Glitch Apple: Beware of Rigged QuickTime Movies - Upgrade to QuickTime 7.7.2.0 Keep Your Secrets: A Safe, Easy Way to Encrypt Files Patch those (under attack) wireless drivers WinZip Vulnerability Apple has released an update to the firmware for their Intel-based Macs, DRM hacker has cracked Apple's iPod protection A critical flaw in the Broadcom wireless driver embedded in computers Phishers Cast a Mobile Net (via cell phones) Windows Server 2003, Longhorn Server & Vista Security Articles ActiveX Flaw Identified - 11/6/2006 Month of Kernel Bugs Microsoft Warns of PowerPoint Attack Spam Trojan Installs Own Anti-Virus Scanner Black Hat Security Conference Archives Spyware, Bots, Rootkits Flooding Through Unpatched IE Hole Crime Rings Target IE 'SetSlice' Flaw; ZProtector Released - fix due 10/10/2006 Learn about Vista's changes to user security Firefox Still Tops IE for Browser Security HOW TO UPDATE WINDOWS Security Watch: VML Bug Imperils IE Users Defective By Design Org is protesting Apple's DRM strategies Security Watch: Security Tips Galore Apple Ships Patch for MacBook Wi-Fi Hack Security Tip: Buy Password-Cracking Software Excel Password Recovery Beware of Rogue Antispyware and Anti-popup Products Hacker Discovers Adobe PDF Back Doors - 9/15/2006 Malware Money Tough to Trace Record number of phishing sites seen for July CA eTrust Antivirus [was erroneously] flagging Windows 2003 Server's lsass.exe infected Son of the Critical Windows Bug - MS06-040 Top 8 Threats Retina MS06-04- NetApi32 Scanner - Free Scanner Probes PCs for Critical Windows Bug Looks like Cisco's firewall is vulnerable to yet another attack Phishers try to best banks' authentication Top 10 Spyware Threats - Webroot Top 100 Security Tools Download Free SVG Viewer 3.03 (security updates) Sony BMG is using SunnComm's MediaMax DRM on some new CDs: CDs Containing SunnComm MediaMax Version 5 Content Protection Software Two DNS servers hit by denial-of-service attacks Symantec antivirus security bug Windows - a Corrupted Font can cause a PC security breach Windows Small Business Accounting 2006 crashing on you? Microsoft Outlook 2000, XP or 2003 vulnerability The people at the Mobile Antivirus Researchers Association (MARA) are reporting that they have discovered the first PC to Handheld crossover malware written in C#. CME provides single, common identifiers to new virus threats to reduce confusion AJAX Poses Security, Performance Risks Virtual Machine Rootkits: They Live! Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes 'Mr. & Mrs. Smith' DVD Ships with Rootkit-like DRM Harder-to-Detect Oracle Rootkit on the Way Caught by a Phish Adobe Fixes Shockwave Code Execution Flaw - February 24, 2006 Who Tests the (software) Code Testers? ActiveState Returns to Open-Source Roots Adobe Patches Photoshop, Illustrator Flaws Gartner Disses Oracle Security Oracle Opens the Book on Its Recipe for 'Unbreakable' Code Find out how pharming attacks hijack Internet domains - view the video Big Hole in Symantec SMS Product Cookie Holes Expose Browsers more than 1 billion suspicious computer security events recorded in 2005 'High Risk' Flaw in Symantec AntiVirus Library Security Patch Watch: Sun Java, Symantec, Cisco Trend Micro: RSS Is Worm Bot's Next Target Security Vendors Clueless Over Rootkit Invasion News Analysis: Ca Sony's 'Rootkit' Is on 500,000 Systems, Expert Says XML-RPC Threatens Linux, Unix Systems Internet Security issue - eWeek Check if your PC is vulnerable to IE's Javascript problem Linux/BSD still exposed to WMF exploit through WINE! Hackers Exploiting Zero Day Windows Flaw Microsoft has released an advisory, suggesting IT administrators and users set the email client to read only text, and disable Windows picture and fax viewer. Patch HAS been released - 1/06/2006 Trojan, Exploit-WMF, delivers unwanted gift to Windows PCs Santa delivers more Christmas malware - The Trojan horse "MerryX.A" - 12/2005 SecurityFocus is designed to facilitate discussion on computer security OpenSSH cutting edge Demystifying Denial-Of-Service attacks, part one Tracked by cellphone Microsoft December 2005 patch release to include one critical update Sony fixes security hole in CDs, again - 12/8/2005 Survey: Most home PC users lack security WORM Attacks New Worm Targets Linux Web Service Holes Linux: Secure as You Want It to Be Windows bug allows invasions - XP w/SP2 & Windows Server 2003 - Windows Firewall Update makes invisible entries visable in Windows Firewall Red Hat, IBM help form company to buy Linux patents New Worm Targets Linux Web Service Holes - 11/2005 Network Appliance Data ONTAP iSCSI Security Controls Can Be Bypassed Microsoft Security Bulletin MS05-051 Problematic for Some, Security Firm Says Microsoft has re-issued Windows 2000 SP4 Update Rollup, due to problems Adobe Fixes Flaws - Acrobat and Adobe Reader plug-in buffer overflow Microsoft Exec Warns of 'Fake' XP SP3 Update - Windows XP Service Pack 3 Microsoft Bolsters Video Content Security in Vista Windows XP SP3 to ship when Vista ships Most Monitors Won't Play New HD Video & you have to upgrade to Windows Vista Read & follow PCworld's 10-step PC Security suggestions Detecting and Attacking Bluetooth-Enabled Cellphones at the Hannover Fairground existing Bluetooth hole has been opened wide - Security watch 6/6/6/05 Drive-By Download Sites Chauffeur Spyware Consider using NOD32 Anti-Virus & Anti-Spyware Software browser security-check Web sites Liberty Alliance takes on ID theft Cracking WEP in 10 minutes Spyware solutions: Technology and leadership Update Your Internet Security Arsenal Head Off Spyware, Viruses and Malware Five Linux Security Myths You Can Live Without

Advisory / Alert Sites & Databases

Technical Cyber Security Alerts - US-CERT Internet Storm Center - SANS dot ORG Latest vulnerabilities analysis - Sophos FBI eMail Scam list - signup for their email Vernerabilities - listed by Secunia.com Advisories Listed by PRODUCT Advisories Listed by VENDOR Latest Viruses, Worms, Trojans, Spyware, and Malware Versign iDEFENSE Publications spywareguide PC Magazine's SECURITY WATCH EIT Planet's Security News - antionline.com SECURITY - Information Week Daily cyber threats and internet security news alerts Published Scoops - governmentsecurity.org Office of Inadequate Security Invisible Things Lab - NEWS - cutting-edge research in computer system security emergingthreats.net Graham Cluley's blog - Sophus Paul Ducklin's blog - Sophus Chester Wisniewski's Blog - Sophos SophosLabs blog

Advisories, Microsoft

REPORT A MICROSOFT VULNERABILITY New OLE bug allows complete computer takeover 10/2014 - Komando Windows hole discovered after 17 years Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released recovery form for you to use to restore access if your account has been locked Microsoft is blocking access to thousands of Windows Live Hotmail accounts after passwords were stolen Phishing attack heists Hotmail, msn.com, and live.com passwords - 10/2009 SA09-251A: Microsoft Updates for Multiple Vulnerabilities MS Office BMP Input Filter Heap Overflow Vulnerability - labs.idefense.com MS Office WPG Image File Heap Buffer Overflow Vulnerability- labs.idefense.com MS PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability- labs.idefense.com MS PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability- labs.idefense.com MS Excel Chart AxesSet Invalid Array Index Vulnerability- labs.idefense.com TA08-190A - MS Updates for Multiple Vulnerabilities July 8, 2008 TA08-189A - MS Office Snapshot Viewer ActiveX Vulnerability July 7, 2008 Security Loophole Found In Windows 2000 Operating System - 11/12/2007 Microsoft Gearing Up To Patch ShellExecute Office 2007 Vulnerability - the first one found ActiveX Flaw Identified - 11/6/2006 Retina MS06-04- NetApi32 Scanner - Free Scanner Probes PCs for Critical Bug Microsoft Advisories, Listings Sign up for Microsoft Advisories Internet Storm Center - SANS dot ORG Microsoft Security Home Page

Advisories by OS, Product, & Vendor

Advisories Listed by PRODUCT Advisories Listed by VENDOR

Advisories / Exploits, Specific - New Alerts

FACEBOOK: Malicious IM/Messenger Msg of a ZIPped Java .JAR file infects your computer UK, US spies hacked into webcam feeds of millions of Yahoo users New report: Two more retailers were hit at the same time as Target ANOTHER SECURITY BREACH! HOTELS TARGETED If you've stayed at a hotel in Chicago, Los Angeles or at least four other major cities, you need to check your payment card statement for unauthorized charges immediately. A hotel management company responsible for operating many large franchises including Hilton and Marriott was hacked. http://videos.komando.com/watch/5005/viral-videos-another-security-breach-hotels-targeted?utm_medium=nl&utm_source=tvkim&utm_content=2014-02-03-article-title-g Target-style security breach also struck Neiman Marcus and others Identity theft is obviously a growing problem in this country, and it's not going away One of my employees was a victim of identity crime. You won't believe what happened to him A hacker can steal your tax refund in minutes Criminals after your refund dollars will typically use one of these five methods If you're missing your refund, it might not be stolen; it could just be late 4 ways burglars use social media to target you (some?) D-Link Routers are hackable - Could your router be taken over by hackers? key secured message - SCAM - MALWARE Incoming Fax Email Scam New Linux Rootkit Discovered Injecting iFrames - 11/22/2012 Conficker virus STILL AROUND - outbreak at Greater Manchester Police Spammed out Amazon Shipping Update contains malware (a Trojan) Banking malware found on Android Marketplace Phishing attack heists Hotmail, msn.com, and live.com passwords - 10/2009 Fake anti-virus virus proclaims to be your Facebook friend - October 1st, 2009 Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths New Trojan stealing FTP credentials, attacking FTP websites How to defend against rogue DHCP server malware Finding malware on your Windows box (using the command line) When BIOS updates become malware attacks Rootkit Hunter demo: Detect and remove Linux rootkits Botnet threats and countermeasures Nine Ball - attack strikes 40,000 Web sites Here Comes Nine Ball, Another Major Web Threat Beladen Gumblar Hacker Hits URL Shortening Service Cligs Keeping an Eye Out for the Sinowal Trojan

Joke-ClickMe

This is a practical joke program. It is not a trojan nor a virus. Joke.ClickMe | Symantec Joke.ClickMe Technical Details | Symantec Joke.ClickMe - Removal Joke-ClickMe Joke-ClickMe Hacked Sites Install Google-Targeting Malware Don't open that Western Union Transfer email Of course, that latest, is phony Bird-Flu Emails. CONFICKER WORM (W32.Downadup): Conficker virus STILL AROUND - outbreak at Greater Manchester Police Visual Pictures can determine whether or not you have the CONFICKER Worm (I don't know if the above covers Conficker D variant. I believe that it would.) ONLINE Conficker Test - click HERE CURRENTLY, 3/27/2009, If you have: 1] a Good, UP-TO-DATE anti-virus program installed, and set to automatically update. Note that for both 2009 & 2008, PCWorld rated Symantec's Norton 2009 Internet Security Suite the Best at overall detecting, blocking and removing Malware. In 2010, Norton was rated second - I DISAGREE, as the PCworld's Number One pick does not do a good job of removing Malware. There are other opions, no doubt. I went back to Norton two years ago - it is now very fast and thorough. 2] ALL Microsoft suggested security updates for your version of Windows (and have your computer set to always get and apply Windows updates) - YOU "SHOULD" be protected from currently known versions of the Conficker Worm. Resurgence of the Conficker virus - dt CONICKER / W32.Downadup Worm BACKGROUND Information: AFTER 4/1/2009, Conficker code alters, making it very difficult to remove (NOT a joke). Conficker blocks you from reaching any web address that includes Microsoft, Symantec, McAfee, AVG, Kaspersky, Trend Micro, F-Secure, Panda, Sophos, SecureWorks or Sunbelt in the URL. It also blocks URLs that contain 103 other names and phrases that relate to security. Supposedly Full list of Blocked URLs - scroll down - listed under "domain lookup prevention New variant of Conficker set to hit computers on April Fools Day Conficker worm "getting a lot uglier" | IT PRO How to diagnose and defeat the dangerous Conficker worm - McAfee The Conficker Worm - Norton W32.Downadup (CONFICKER - Norton Conficker - Wikipedia W32/Conficker.worm - McAfee McAfee Security Insights Blog - Conficker is no joke McAfee KnowledgeBase - Information relating to W32/Conficker worm - PDF - McAfee Three in 10 Windows PCs still vulnerable to Conficker exploit .. New Conficker Variant Detected as WORM_DOWNAD.AD | Malware Blog - TrendMicro WORM_DOWNAD.AD - Description and solution - TrendMicro Computer Experts Unite to Hunt the "Conficker" Worm OTHER RECENT MALWARE ALERTS: Psyb0t or Bluepill Worm - NASTY: Nasty New Worm, Psyb0t Targets Home Routers, Cable Modems Java Runtime Environment 8.0 Update 191 was Released 10/19/2018 Java Plugin 6 updates 31 through 38 (click-to-play), Windows should be blocked for your protection. Why was it blocked? The Java plugin is causing significant security problems. All users are strongly recommended to keep the plugin disabled unless necessary. Who is affected? All users who have these versions of the plugin installed in Firefox 17 and above. What does this mean? The problematic add-on or plugin will be automatically disabled and no longer usable. When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use. Waled Malware is back again: Malware fall-out after dirty bomb news report in *your* city Waled (Malware) explosion in your city! Microsoft Warns Of Zero-Day Excel Exploit Waledac - New And Improved Storm Botnet Morphing Malware Anti-Virus-1: Sneaky New Virus (Anti-Virus-1) Spreads via Ads - eWeek.com was hacked Anti-Virus-1 Adobe PDF Exploit Signatures - 26 February 2009 CookieMonster Can Steal HTTPS Cookies - bank sites, travel sites, credit cards UPS/FedEx Delivery Failure Watch out for fake IRS e-mails Email purportedly from a private investigator investigating you New Storm Botnet Fourth of July Attack Valentine's Day (2/14/2008) Storm Worm is fast approching Microsoft Urges Workaround as Worm Hits Unpatched DNS Flaw Exploit Released for Critical PC Hijack Flaw that Microsoft thought it had just fixed Retina MS06-04- NetApi32 Scanner - Free Scanner Probes PCs for Critical Windows Bug - MS06-040 Microsoft Windows Hyperlink Object Library Buffer Overflow - 06/2006 Lavasoft Personal Firewall Privilege Escalation Vulnerability - 07/18/2006 Ubuntu has issued an update for the kernel. This fixes a vulnerability - 2006 Red Hat update for libwmf - 07/18/2006 Red Hat update for GnuPG - 07/18/2006 Red Hat update for freetype - 07/18/2006 Microsoft PowerPoint Memory Corruption Vulnerability - 07/18/2006 rPath update for kernel - 07/18/2006

ATTACK TREES

Attack Trees - wikipedia

AUTHENTICATION

Authentication - wikipedia authentication library - howstuffworks.com

BACKDOORS

Backdoor - Wikipedia, the free encyclopedia Scroll down to find BACKDOOR & other info - tutorials - How to protect ... F-Secure Virus Descriptions : Backdoor System Backdoors Explained Hidden Backdoors, Trojan Horses and Rootkit Tools in a Windows Environment PROGRAMMING BACKDOORS Placing Backdoors into a UNIX computer Computer Security 101: Lesson 6: viruses, worms, trojan horses hidden backdoors into most computer systems Remove Backdoors removal instructions Windows Backdoors: Greatest Security Breach Ever? Home Computer Security Virus, worms, trojans and backdoors Viruses, Worms, Trojan horses, Phishing and Anti-virus Software The Enemy Within: Firewalls and Backdoors

Beginner's / Novice / Newbie - Impoving computer security

Howtos, Guides, Information, Advice, Cures, Help, Newbies,...

COMPUTER SECURITY RECOMMENDATIONS Beginner's guide: How safe is your computer? - CBCnews A Few Tips to Help You Protect Your Home Computer - SANS.ORG Kevins Mitcnicks Security Advice - in blogspot - SCROLL down TO "mitcnicks" Computer Security, Firewalls, Viruses and Worms - Don Pedro Malware, Spyware, Adware Or Trojan - What's the Fuss? Defining Malware: FAQ - Microsoft The Complete Layman's Guide to Cyber Safety History of Computer Security Computer insecurity - Wikipedia, the free encyclopedia Computer Security Index - faqa.org Computer Security Group - cl.cam.ac.uk Computer Security - pelttech.com IT Security - itsecurity.com HNS - Malware of the week: Piggi.B worm, ReverseClick.A trojan and ... Computer Security for Students - Jmaes Madison University WHAT TO DO if your computer is INFECTED / How to tell if your computer is INFECTED

BetterPrivacy - Firefox Add-on to fight Flash Cookies

Ever wondered why you are still tracked though you tried everything to prevent it? BetterPrivacy is a safeguard which protects from usually not deletable LSO's (such as Flash Cookies) on Google, YouTube, Ebay... BetterPrivacy 1.85 ? - DOWNLOAD BetterPrivacy Prevents Tracking by Flash, Other "Super-Cookies ... 10 Best Firefox Addons for Security and Privacy Discourse.net: 'Better Privacy' Firefox Add-On Eats Hidden Cookies Remove non-deletable super cookies with Better Privacy Firefox addon Better Privacy Deletes Sneaky Flash Cookies From Firefox - PC World

BHOs - Browser Helper Objects (CLSID)

A BHO is a small program that extends Microsoft's Internet Explorer. Examples of BHO usage include visible add-on toolbars in IE, but can also be hidden functions. Adware and spyware as well as browser hijackers often use BHOs to display ads or follow your moves across the internet, because a BHO has access to each URL you visit and can redirect you or display other pages than you requested (sites that infect your PC with Malware or ads, for example). BHOs often use ActiveX installation programs. PERSONALLY, I BLOCK Active-X from running from non-trusted sites. I am running PCWorld's free BHODemon2 Version: 2.0.0.23, which notifies me when BHOs try to install (I can block the installation). I can also block installed BHOs from running. However, I suggest that you run Firefox instead of Internet Explorer. The CLSID list is a Tony Klein project - information about CLSIDs - Sysinfo.org BHODemon 2.0.0.23 - PCWorld Browser Helper Objects: The Browser the Way You Want It Browser Helper Object - Wikipedia SpywareInfo > Browser Helper Objects (BHOs) What is a Browser Helper Object? A CLSID is a globally unique identifier that identifies a COM class object What Is CLSID? - ezinearticles.com/ CLSID (Class ID) Definition CLSID List (Windows Class Identifiers) Globally Unique Identifier - Wikipedia SourceForge.net: Files What is CLSID? - A Word Definition From the Webopedia Computer ... The clsid: URL Scheme RFC 1738 - Uniform Resource Locators (URL) Inserting Multimedia Objects in HTML OSF DCE/RPC

BLACKBERRY & Related Mobiles / PDAs

BlackBerry Update Fixes Phishing Flaw - 10/1/2009 See also: PDA Viruses

Black Listed web sites - Thought malicious and/or Intrusive

NOTE - These lists may be in error - Use this information at YOUR OWN RISK URL blacklist - Alleged Intrusion Sites Spam Links - Blacklists / Blocklists URL.blacklist.com - a 15MB, compressed file - can download ONCE for free See also WHITE LISTED WEB SITES

Bluetooth Vulerabilities

PC World says: Disable "open" Bluetooth on your phone or PDA. Bluebugging - stealing mobile phone commands Bluejacking - sending unsolicited text messages Bluesniping - using a laptop and powerful antenna to attack from a distance Bluesnarfing - stealing information War-nibbling: driving around looking for Bluetooth signals to attack Bluetooth Security - learnbluetoothtechnology iPhone's Bluetooth Bug Under Hackers' Microscope Securing Bluetooth Devices Detecting and Attacking Bluetooth-Enabled Cellphones at the Hannover Fairground existing Bluetooth hole has been opened wide - Security watch 6/6/6/05 Bluetooth - Information about CLICK HERE for more information about BLUETOOTH

BROWSER HIJACKING

Has Your Browser Been Hijacked? Browser Hijack Blaster (free) - Stop Web sites from changing your home page without your permission. AdFree v3.1 - replaces animated banner ads with a dummy - free AdAware Plus, $27, also blocks hijacking.

BROWSER REDIRECTION (mis-direction

Please see cross-scripting

BROWSER SECURITY

Browser Compatibility Tutorial Browser Fingerprinting Can ID You Without Cookies The Ghost In The Browser: Analysis of Web-based Malware - PDF - Usenix Mozilla to Disable ANI Exploits Path of Entry - 4/5/2007 Best Free Browser Protection Utilities - techsupportalert.com Scanit - browser security-check Web site Qualys - browser security-check Web site Play It Safe With the Right Browser Security Settings Browser Info & Updates - CNet

BROWERS - SURFING MORE WEB SITES SAFELY

Plugins/software to warn you of dangerous web sites. Free SiteAdvisor Ver 29 - McAfee - recommended by MYSELF and PCworld Microsoft has added SiteAdvisor info to their new "bing" search engine - Google, Yahoo and now bing (Livesearch) display McAfee SiteAdvisor info. McAfee SiteAdvisor - Wikipedia Scandoo (public beta) - toolbar - recommended by PCworld 10 Greasemonkey scripts you shouldn't browse without Keystroke loggers - and FOOLING KEYLOGGERS Firefox Still Tops IE for Browser Security

BROWSER VULERABILITIES

New Opera v9.51 fixes couple of security issues Click-to-Call Bug Found in iPhones, and probably are in other phone Browsers Firebug was discovered to have a vulnerability - update to version 1.04 FireFox users really need to install the Microsft ANI (Animated Cursor) Patch of 4/3/2007 More IE & Firefox Vulnerabilities The Adobe Reader vulnerability also effects Browser plug-ins for IE and Firefox Opera users need to update to version 9.10 in order to eliminate two threats. vulnerability in Web-hosted PDF files revealed Adobe Reader 8 is not vulnerable to this problem. I just noticed that Adobe Reader 11.0.9 is available

BUSINESS DATA SECURITY

Protecting Personal Information: A Guide for Business - FTC

CELL PHONE MALWARE, VIRUSES & VULNERABILITIES

Cell phone numbers will NEVER be "released to the public". This is a HOAX - stop falling for this hoax Apple malware hits 75,000 iPhones Cell phone security: How safe is your information? - WRAL-TV iPhone security flaw could give hackers "complete control" MMS virus discovered MMS - Multimedia Messaging Service Cabir - This Time, Cell Phone Virus Is for Real skulls trojan attacks Symbian phones Nokia 7610 Smartphones suffer Skulls attack - ruins the phone

CELL PHONE SECURITY

7 essential steps to secure your smartphone or tablet security researchers recommend disabling your smartphone or tablet's voice features ASAP ANDROID - What to look for in Android permissions ICLOUD - Following celebrity hacks, here's how to secure your iCloud account The first five apps to install on your new Android device

CERT

CERT - Home Computer Security CERT - Home Network Security Information Technical Cyber Security Alerts - US-CERT CERT - Computer Emergency Response Team - Carnegie Mellon US-CERT Vulnerability Notes Database

CERTIFICATES

spoof a certificate and impersonate a legitimate Website

CONFERENCES & CONFERENCE PAPERS

(free) Secure Virtualization - Tuesday June 02, 2009 - LA - Linkedin

CISCO Vulnerabilities

TA08-087B - Cisco Updates for Multiple Vulnerabilities - March 27, 2008 Cisco Releases IOS Bundle of Vulnerabilities - 2009-03-25

Cleanup your computer and it's Hard Drive

This section discuss cleanup, NOT removal of Malware. While I believe this to be a very good article, I don't agree with the choice of anti-Malware, as Norton's 360 is usually rated best and is MUCH faster (almost the fastest) than it was two years ago (I've switched back to Norton) - there will always be other opinions: How to Perform a Complete Computer Cleanup - Ed Coyne I use paid (Webroot's Window Washer) or free programs (CCleaner) to remove temporary files every time my system reboots.

COOKIES - COOKIE INFORMATION

Dangers of IE 'Cookiejacking': What You Need to Know Surfjack tool allows you to detect GX HTPPS cookie mis-management on user specified sites CookieSafe - Firefox Add-on Cookie Central Both Ad-Aware & Spybot remove cookies Unofficial Cookie FAQ Information About Cookies on Microsoft.com What is cookie? - A Word Definition From the Webopedia Computer HTTP cookie - Wikipedia, the free encyclopedia Howstuffworks "How Internet Cookies Work" How to Enable Cookies Client Side State - HTTP Cookies - The original cookies specification HTTP Specifications and Drafts - Cookies Time for a new (HTTP) Cookie recipe? - Implementer's notes HTTP-wg Archive: errata for cookie spec O'Reilly Network -- Cookie Specification Vulnerabilities Bug ID: 4391956 Cookie: API should enforce Cookie spec when ... PROBLEMS WITH SPECIFIC COOKIES: Gmail cookie vulnerability exposes user's privacy CLICK HERE for information about FLASH COOKIES

CRAPWARE REMOVAL

I always start with CCleaner - both the File cleanup AND the Registry Cleanup. When asked, ALWAYS backup your Registry prior to letting CCleaner make changes. Five apps for crapware cleanup

CREDIT CARD VULNERABILITIES

Obama signs order to protect consumers from identity theft - Oct 17, 2014

CHIP and PIN Smart Cards have been hacked for Years

Black Hat 2014: A New Smartcard Hack - IEEE Spectrum 'Smart credit card' terminals can be hacked too - Aug. 8, 2014 Chip and PIN is broken, say researchers - ZDNet - Feb 11, 2010 Target hack overreaction No. 2: Chip cards will stop fraud! No, they won’t. Here’s why Target Breach: Why Smartcards Won't Stop Hackers Hack-Resistant Credit Cards Bring More Safety—at a Price Still, chip-and-pin technology is no panacea. You’ll still have to worry about payment fraud in online transactions. Chip-and-PIN cards easily cloning with the pre-play attack Pre-Play Vulnerability Allows Chip-and-PIN Payment Card Ebook Vulnerabilities in First-Generation RFID-enabled Credit Cards - 7/11/2009 WARNING: Credit Card (Chip and PIN) Hack Attack - DaniWeb Researchers at the University of Cambridge Computer Laboratory have revealed how the Chip and PIN credit card security system is flawed and left vulnerable to fraud. Wireless identity theft - Wikipedia President Obama's Credit Card Was Declined The safest credit card ever? with builtin FINGER PRINT READER "MasterCard to launch a new credit card with a built-in fingerprint scanner. The scanner gets power from the payment terminal to work, so there's no battery on the card to ever run down." - Kim Komando I don't know how you would use it for ONLINE purchases. I can see where you could have a special USB cable for your PC. - DRW

CHIP and PIN CREDIT CARDS COMING TO THE USA IN 2015

WARNING in EUROPE. MOST CREDIT CARD (Chip and PIN) HOLDERS ARE, THEMSELVES RESPONSIBLE FOR ANY FRAUD, SINCE THE BANKS STATE THE CARDS ARE NOT CRACKABLE (so I read). ENSURE YOUR NEW CHIP AND PIN CREDIT CARD DOES NOT LEAVE YOU WITH THE LIABILITY Secure credit cards (chip-and-PIN) coming in 2015 - Worldnews.com Chip-And-PIN Credit Card Changeover In 2015 - Business Insider

CROSS-SITE SCRIPTING (XSS)

NoScript

NoScript is an excellent FireFox add-on that (mostly) prevents Cross-Site scripting from being used to destroy your computer via a web page directing your web browser to a different site, and installing malicious software. I highly recommend running https://www.mozilla.org/en-US/firefox/ - CLICK HERE for DOWNLOAD - released with the FireFox 70.0.1 (Quantum) web browser, INSTEAD of Microsoft's Internet Explorer). US-CERT now recommends NoScript as a secure browsing practice. THIS IS NOW OLD NEWS, BUT MAY STILL BE OF INTEREST:? While I love the NoScript add-on for FireFox, version 1.8.1 broke my access to (Time-Warner) Road Runner's Web Mail service. Upon investigating, I found that I had to: 1] open the NoScript OPTIONS window 2] Select HTTPS 3] DE-select ENABLE AUTOMATIC SECURE COOKIES MANAGEMENT in-order-to be able to access my email via FireFox 3.0.6 THIS WAS FIXED - NoScript's defaults were changed. I also recommend (in the NoScript Options window): 1] Clicking on the UNTRUSTED tab 2] Click on (select) FORBID 'WEB BUGS' 3] Click on OK Automatic Secure Cookie Management, is now turned OFF by default. NoScript (LATEST, FREE Version) - CLICK HERE for DOWNLOAD, version 10.1.3c3, a free Mozilla Firefox Extension, blocks Cross-site Scripting (XSS).
Cross-site scripting - Wikipedia CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client ... Cross Site Scripting (XSS) questions and answers What are some links I can visit to help me further understand XSS?

Other Cross-Scripting (XSS) Information

The beginning of the end of popup porn, Facebook worms and cross-site phishing? - 10/2009 A cross-site scripting vulnerability - Whitepapers - www.technicalinfo.net Microsoft Security: Cross-Site Scripting Security Vulnerability Anti-Cross Site Scripting - MSDN (Microsoft) Cross Site Scripting Info - apache.org Cross-site scripting - IBM perl.com: Preventing Cross-site Scripting Attacks Cross Site Scripting - OWASP Cross-Site Scripting Worm Hits MySpace Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability Ajaxian - Ajax Cross Domain Script Cross site scripting / XSS - How to find & fix it with a web scanner WebEvent "cmd" Cross-Site Scripting Vulnerability - Advisories ... Mitigating Cross-site Scripting With HTTP-only Cookies [Cross-site Scripting] Threat Classification - Web Application ... Adobe - Cross-site scripting vulnerability in versions 7.0.8 and ... DOM Based Cross Site Scripting or XSS of the Third Kind] Web ... Download details: Anti-Cross Site Scripting Library V1.5 - Microsoft Top 10 2007-Cross Site Scripting - OWASP How to prevent cross-site scripting security issues Amazon.com: XSS Exploits: Cross Site Scripting Attacks and Defense ... Cross Site Scripting Scanner - XSS Security Audit - 42% were found to be vulnerable SA-2007-026 - Drupal Core - Cross site scripting via uploads ... Kallahar's Place: PHP XSS (cross site scripting) filter function Advanced Cross Site Scripting by Gavin Zuchlinski http://libox.net The Anatomy of Cross Site Scripting - PDF Cross Site Scripting Vulnerabilities Cross-site scripting the top security risk - Network World

Cordless Phones

Buy only Digital cordless phones that use Encryption. (anyone can listen to your analog or un-encrypted digital phone conversations). I would buy only the phones that use the 6.0 MHz spectrum. I personally prefer the phones made by Uniden.

Data Held for Ransom

A malicious type of attack dubbed "ransomware" is on the rise. Strange as it sounds, one of the newer dangers is software that Encrypts your data, and then demands that you pay a ransom of as much as $400 USD to get access to your data. This technique targets Windows users. Often, ransomware encrypts the Windows Master Boot Record (MBR). Ransomware warning issued to Congress following attack Cryptowall 3.0 reported to cost victims $325 million - NO END IN SIGHT "Phishing attacks were found to be the infection vector for about two-thirds of the attacks, with exploit kits being used in most of the remaining attacks. While the overall damages were quite high, individual ransoms ranged from a few hundred dollars to over one thousand dollars." BEST "SOLUTION" - BACK UP YOUR SSYTEM OFFLINE (to anywhere NOT on your computer, as that may get destroyed by the malware. Cryzip is an early example of such a program. Cryzip locates 44 different file types, zips them into an encrypted zip file, deletes the original files, and then presents you with a ransom demand. Sometimes you can recover most of your files with an undelete program. Some free File Undelete programs are here, at PC World. Other Free File UNDELETE Software PC World recommends that you do not pay the ransom, nor go to any specified links. Instead, make a police report, using an uninfected computer, search the Internet for the text in the ransom "note".

Data Held for Ransom - LINKS<>/b>

How to rescue your PC from ransomware - PCworld 'Ransomware' Threats Growing - 1/18/2011 Gpcode Holds Your Documents for Ransom - scroll down New, worse version of a Data Held For Ransom Virus Detected - Upgrade your browser Ransomware... Holding Corporate America Ransom! - NTOS.EXE" Master Boot Record rootkit - Jan 2008 Ransomware attacks target Symbian mobiles Ransomware data kidnapping on the rise Arhiveus - 2006 Kaspersky calls it Zippo and Panda Labs calls it ZippoCryptor. The latest Trojan to hold people's data hostage apparently has a flaw. The password for all systems is the same and is stored in plaintext on the victim's system, according to LURHQ. The password is C:\Program Files\Microsoft Visual Studio\VC98. New Trojan is Holding Data Ransom Data Ransom Attempt Shows Need for Vulnerability Management

Data In Motion (enterprise data loss)

Data in Motion describes enterprise data that is in the midst of being accessed, stored, sent to remote sites, archieved. The main premis is that it might be easier for criminals to gain access to data that is being moved. There is a lot of emphasis put on securing data in motion (encrypting), and not as much thought into storing the data as encrypted. I.e., it might be much easier for criminals to hack into non-encrypted, stored data, than to try to decrypt secured data in motion. Data in Motion, And At Rest - Storage Blog - InformationWeek Cloud computing's nemesis: data in motion | insideHPC.com Transparency data in motion - Jon Udell Securing data in motion vs. data at rest? It's the wrong question Security Efforts for Data In Motion Should Be Put to Rest Data in Motion - Forbes.com Data security - wikipedia (free) 1-day Data Protection Seminar: Boston - Wednesday, Dec. 10, 2009 See also ENCRYPTION See also Secure Connections

DB, Oracle, SQL,... Vulnerabilities

Oracle Database 10g R2 Summary Advisor Arbitrary File Rewrite Vulnerability Oracle Secure Backup Administration Server login.php Command Injection Vulnerability Oracle Secure Backup Administration Server login.php Command Injection Vulnerability

DHCP Vulnerabilities

How to defend against rogue DHCP server malware

DNS Vulnerabilities

DNS Cache Poisoning: What You Need to Know - Cisco white paper Permanent fix needed for DNS security issues, Kaminsky warns at Black Hat TA08-190B - Multiple DNS implementations vulnerable to cache poisoning

DNS CHANGER MALWARE - IMPORTANT

DNS CHANGER MALWARE MAY PREVENT YOUR COMPUTER FROM ACCESSING THE INTERNET AFTER JULY 9, 2012 (If your computer is infected). The short story is, if your computer is infected, it has been looking at the wrong Internet site to get the correct Internet address. Bad guys caused this. The FBI put the bad guys out of business, but infected computers still point to bogus Internet sites. For a While the FBI was running the bogus sites to allow infected computers to correctly search the Internet, but this is TOO expensive, so the FBI is going to stop maintaining these bogus internet sites on July 9, 2012. After July 9, 2012, Infected computers will not be able to access the Internet, because they do not know the real location of the Internet web sites. There is a simple test that you can perform to see if your computer is one of the infected computers. DNSChanger is not the end of the world FBI Steps Up 'Internet Doomsday' Awareness Malware Campaign FBI says infected users must deal with DNS changer malware or risk losing Internet in July, 2012. FBI Warning: Computer DNS Changer Malware - PDF How can you detect if your computer has been violated and infected with DNS Changer? Click here (if you reside in the USA) to test for the DSN Virus Click here for GOOD DNS IP ADDRESSES DNS Changer Virus FIXERS

DoS - Denial of Service

Denial of Service Attacks - CERT Denial-of-service attack - wikipedia Denial of service denial

DOWNLOADS - Useful Software & caveats

1] Always download from reputable sites - some sites considered safer than most might include: tucows, download.com, PCworld and Jumbo. NOTE that very rarely, even these sites get hacked. 2] If you know the maker of the software, got to their site. I recommend using Google to locate the real site, rather than keying it in. 3] Browsers such as FireFox 70.0.1 (Quantum) and Newer will use your computer's anti-virus to scan downloads on-the-fly. What's the Safest Way To Download Software? DOWNLOADS OF POSSIBLE INTEREST: All Privacy & Security Downloads - PC World

DOWNLOADERS

Downloaders are simple Malware programs used to download dangerous programs that try to steal your identity, passwords, money, and everything else that they consider useful to them. Armed and Dangerous: The New Generation of Web-Based Viruses from St. Bernard - white paper Dealing With Downloaders Downloader after downloader

DROPBOX - DropSmack HACKS DROPBOX SITES

DropSmack: Using Dropbox to steal files and deliver malware

ELECTRONIC GADGEST ARE OFTEN INFECTED

Electronic Gadgets Often Full of Computer Viruses computer virus recently discovered on digital photo frame

Email - Protection / Scanning

eCARD and eMAIL SCAM Information guerrillamail - disposable e-mail addresses which expire after 15 Minutes How to Scramble your Email Address Simple way to ENCRYPT your data and email it Most Malware / Virus checkers will also scan your incoming, and perhaps your outgoing email, on (autoamted) request. Ensure that it can scan YOUR email program - for example, I use Moziila's Thunderbird, with which Norton and others work quite well. The complete guide to using Gmail with Thunderbird, Mozilla Mail FBI eMail Scam list - signup for their email For more information about eMail and eMail security problems - CLICK HERE

EMULATION (WINE on Linux,...

Spyware Horror Story: Toxic Wine - A WINE Virus effecting Linux systems Linux/BSD still exposed to WMF exploit through WINE!

ENCRYPTION (Click here)

ENCRYPTION FLAWS

Hacker Cracks Secure Hashing Algorithm Using Amazon Cloud - COST?: just $ 2.10 Evil Maid goes after TrueCrypt! Flaw Endangers Debian-Based Encryption Keys to break into a computer's encrypted hard drive? Just freeze the machine's memory chip

ETHERNET / 802.11 SECURITY - subjects not covereed elsewhere

The Unofficial 802.11 Security Web Page CLICK HERE for more information about ETHERNET

EULA - End User License Agreement

Click here for more information about EULAs EULAnalyzer - checks EULAs for bad agreements

EVENTS / CONFERENCES

Pending...

EXCEL ATTACKS

Pump-and-dump scammers turn to Excel Microsoft Posts Excel 'Zero-Day' Flaw Workarounds

FACEBOOK / MySpace / Twitter,...SCAMS & MALWARE

IN MY OPINION - NEVER LIST ANY PART OF YOUR BIRTHDATE ON FACEBOOK or any other website - it makes it easier to steal your identity. Do NOT download any plugins requested by Facebook, MySpace,... messages - IT IS USUALLY DANGEROUS MALWARE. Do NOT respond directly to emails caliming to be from Faebook (log in, instead). FACEBOOK: Malicious IM/Messenger Msg of a ZIPped Java .JAR file infects your computer Easily Delete or Remove Facebook Applications 2 killer ways to keep Facebook hackers out of your account - komando.com How to Stop Facebook from Using Facial Recognition on You A few months ago, Facebook took the stage with a slew of questionable privacy changes Facebook Denies Privacy Breach Allegations by Symantec Facebook Security Flub: Social Network Exposed Your Private Data to Advertisers 100,000 Facebook Apps Have Been Accidentally Leaking Personal Data For Years Facebook Privacy Fail: Apps Leak Private Info, Report Facebook Clickjacking Attack Spreading Through Share Button I STRONGLY SUGGEST THAT YOU READ & HEED THE FOLLOWING LINK's INFORMATION - (You can choose not to become an endorser of these products or companies by making tweaks to your privacy settings.): Can You Protect Your Image (pictures) While on Facebook? ***** iPad and iPhone 4 tester scams hit Facebook 70% rise in social networking spam and malware reports Which social network poses the biggest risk? Researcher: Flaws In Facebook App Authorization Could Lead To Clickjacking - Jan 20, 2010 Facebook Rolls Out Its New Privacy Settings 10 Facebook Don'ts - infosecisland Facebook privacy: a guide Identity theft: How a Rubber Duck can outfox Facebook users Sophos Australia Facebook ID probe 2009 a safer Twitter for 2010 - Sophos Cisco Systems report: Criminals target social networks like Facebook, Twitter Fake anti-virus virus proclaims to be your Facebook friend - October 1st, 2009 A Nice Big FriendFeed (a social website) Bug: Impersonate Anyone! Some Facebook Privacy issues to consider Security Threat: WordPress Under Attack - UPDATE youir WordPress - September 5, 2009 These Twitter Worms could probably have been stopped by using NoScript. Twitter shaken by worm attacks worm-madness-twitter twitter-users-warn-attack Twitter Worms (Mikeyy worm) Vanquished--for Now - 4/16/2009 "Teen Claims Responsibility for Twitter Worms" "Twitter Worm Attack Continues: Here's How to Keep Safe" Microsoft puts the kibosh on Facebook worm Koobface Elaborate Facebook Worm Virus Spreading Facebook Worm Comes From Infected Friends -- Internet Security Facebook worm hijacks web search - The Registe 5 Facebook Scams: Protect Your Profile

FAX HOAXES / MALWARE

Phishing Alert: Fraudulent Email Claiming to be Incoming Fax Email Phishing Alert: Fake INCOMING FAX REPORT Email INCOMING FAX REPORT : Remote ID: 8169349218? Incoming Fax Email Scam - Seymour IN Perry's Computer Repair

FIBRE OPTICS SECURITY PROBLEMS

Fiber-optic networks can be eavesdropped on using equipment costing as little as $1,000

Firefox / Mozilla - WEB BROWSER

It is my belief, and that of some other experts, that using Firefox is safer than using Internet Explorer. Firefox 70.0.1 (Quantum) is out - CLICK to DOWNLOAD LASTEST Version Mozilla and Tor issue patches for Firefox flaw exposing Tor users. I AM USING FF 70.0,1 (Quantum) NOTE: Firefox 52.0.3 and later, does NOT use JAVA - so no Java plug-in. I no longer update Firefox as soon as a new version is released: 1) unless all of my plug-ins can be updated (they are). 2) OR they fixed some security bug in the newer version. THE PROBLEM, BELOW, WAS RESOLVED IN FIREFOX 3.x: "Warning to all Firefox users: the Microsoft .NET Framework 3.5 Service Pack 1 update, pushed through the Windows Update service to all recent editions of Windows, installs the Microsoft .NET Framework Assistant firefox extension without asking your permission. This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer" says http://www.annoyances.org/ - USE IE, NOT Firefox to print THIS Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension MY RECOMMENDED ADD-ONSs for FIREFOX: NoScript Version 10.1.9.1 - for Firefox - YOU NEED THIS PROTECTION McAfee SiteAdvisor (FireFox and Internet Explorer) Version 3.4.0 Microsoft has added SiteAdvisor info to their new "bing" search engine - Google, Yahoo and now bing (Livesearch) display McAfee SiteAdvisor info. IDND - Version 1.5.1 FireFox Articles, vulnerabilities: Essential security updates for Adobe and FoxIt PDF readers Smart Ways to Use Mozilla Firefox

FIREWALLS

I strongly recommend BOTH a Hardware Firewall and a Software Firewall (free ZoneAlarm works very well). ZoneAlarm (and other such software) can prevent those spyware and keylogger programs from "calling home" with your personal information. A Hardware Firewall helps prevent Hackers from coming INTO you computer. I have replaced the excellent ZoneAlarm Firewall (my favorite) with the Firewall that comes with Norton's 360 (Internet protection Suite). This way, I know that there are no conflicts between using softwar from different vendors. I am NO LONGER using ZoneAlarm Pro - I use Norton 360, instead. TEST YOUR FIREWALL Best Free Firewalls - techsupportalert.com What is firewall? - Webopedia How Firewalls Work - howstuffworks Understanding Windows Firewall in Windows XP Service Pack 2 - Microsoft Why you should use a computer firewall Firewall FAQ Firewall Q&A Programmatically controlling a UPnP Firewall - Knox North 2008 Firewall Software Report - toptenreviews.com Free Software Firewalls Differences and Features of Hardware & Software Firewalls Firewall Debate: Hardware vs. Software Hardware Firewalls vs. Software Firewalls Firewalls: Hardware and Software - AntiOnline (5/2004) Is the Windows XP firewall enough? What does a router (hardware) do? Internet firewalls: Frequently asked questions What You Should Know About Firewalls - PCWorld Home PC Firewall Guide Firewalls and Internet Security Firewall Reference Books The Windows (DOS) command: netstat -an will list all your open ports SEE Also: IP FILTERING SEE ALSO: What To Do

FIREWALLS, HARDWARE

These can be purchased as standalone "appliances", but people usually buy them bundled with Cable/DSL Routers (they are part of that product - read the information on the box). I and most security experts believe that even home users need both a Hardware Firewall and a Software Firewall. Hacker pierces hardware firewalls with web page - No interaction required Firewalls: Hardware ***** Do You Know - Hardware Firewalls Hardware Firewalls - cybercoyote LeakTest - Hardware Firewalls/NAT Routers Hardware Tips: Keep Your PC Hidden From the Bad Guys - PCWorld What Hardware Firewalls Does ScamBusters Recommend?

FIREWALLS, SOFTWARE

Software Firewalls are a MUST to help prevent Malware from sending your private information out to the crooks. While Zone Alarm is my favorite software Firewall, I have switched to using the Firewall that comes with Norton's 360 - this way, there are no conflicts between software from different vendors. 2013, 2012, 2011 and 20120 Norton's 360 keeps getting rated the best or near-best in: 1] Virus detection and removal 2] Malware detection and removal 3] Rootkit detectiona and removal. 4] Bot detection and removal 5] Software Firewall 6] Password Safe 7] Speed of checking for bad software 8] Speed of updating itself 9] Registry Repair (hard to find, but it's there) 10] Email Checker BOTH Incoming and Outgoing Handles: Microsft, Thunderbird, Mozilla 11] Warns of unsafe web sites 12] Fixes corrupted files and directory structures (if possible) 13] AND SO ON - READ ABOUT IT ZoneAlarm - Free and Professional - my favorite Comodo Firewall Pro - a good one COMODO FIREWALL PRO VERSION (3.0) - CNET 5-STAR Rating Comodo Firewall Pro 3.0 - Review - PC MAGAZINE SmoothWall Express - smoothwall dot org Use SHIELDS UP (grc.com) to see if your Firewall works - Highly rated Software Firewalls - Norton Internet Security Software Firewalls Software Firewalls versus Wormhole Tunnels Software Firewalls: Made of Straw? Part 1 of 2 SEE ALSO - LINUX FIREWALLS See also: IP Info See also: IP Addressing See also: IP Masquerade See also: Linux IP Masquerade See also: IP ROUTING - START HERE and go down the page See also: IP Sub-Netting See also: IP Filters/Filtering, Port Forwarding & IP Firewall Administration See also: IP Management See also: IP Multitask

FLASH COOKIES / Local Shared Object (LSO)

DELETING FLASH COOKIES (LSOs)

(How to) Eliminate Flash-spawned 'zombie' cookies How to Delete Flash Cookies Conveniently Four Options To Deal With Flash Cookies BetterPrivacy - Firefox add-on, DELETES FLASH COOKIES How to delete flash cookies [blogmag.net] How to Delete Flash Program Cookies - eHow.com Delete Flash cookies to protect online privacy - techrepublic - Video Delete cookies, disable or enable cookies (including Flash Cookies) Delete Flash Cookies saved by Internet browsing Flush.app - Flash Cookie Removal Tool For OS X | MacHacks.TV Adobe - Flash Player - Settings Manager - Website Storage Settings ...

FLASH COOKIE (LSOs) INFORMATION

Flash Cookies explained Schneier on Security: Flash Cookies You Deleted Your Cookies? Think Again - Epicenter - Wired.com Local Shared Object (LSO)- Wikipedia I'm A Super.com - Flash Cookies: The Silent Privacy Killer Flash Cookies: Local Shared Objects - Best Flash Are Flash Cookies Devouring Your Privacy? - Network World EPIC Flash Cookie Page See what Google finds about Flash Cookies Flash Cookie Privacy Test

FLAWS / VULNERABILITIES / CVE - Software

National Vulnerability Database (NVD) - NIST - includes US CERT, CVE US-CERT Vulnerability Notes Database CVE - Common Vulnerabilities and Exposures Open Source Vulnerability Database - OSVDB Acticle about the above NIST Vulnerability Database OVAL - Mitre Standard Eases Vulnerability Research SPEFIC FLAWS: Gmail cookie vulnerability exposes user's privacy VML vulernability - MS fix is out - can be infected just by viewing a Web page - JAN 2007 Acer Preloaded Vulnerability - 1/16/2007

FREE SECURITY PROGRAMS

15 free security programs that work Microsoft Security Essentials - FREE Virus, Spyware & Malware Protection Download Malicious Software Removal Tool - Microsoft Families Cleaned by the Malicious Software Removal Tool SEE ALSO THESE FREE VIRUS/TROJAN REMOVERS

FTP (all varieties) VULNERABILITIES

can allow an attacker to execute malicious commands on an FTP server - 9/2/2009 Spamhaus Blog - Spam, Malware and FTP cracks Finjan Finds Database of 8,700 Stolen FTP Credentials New Trojan stealing FTP credentials, attacking FTP websites

GOOGLE, Gmail & GOOGLE DESKTOP VULNERABILITIES & NEWS

Gmail users A scary new plug-in can tell Gmail users when - and where - you opened your email Google is about to give anyone your email. Sigh. Attackers Using Google Image Search to Distribute Malware How Google Spies on Your Gmail Account (And How To Stop It) Google Desktop Vulnerability - the fix is in version 5.0.0701.30540

GPS MAKES STALKING EASY

DIGITAL PHOTOS PUT YOU AND YOUR CHILDREN AT RISK

MOST modern digital pictures contain a GPS location showing where the Picture was taken. This is IDEAL FOR STALKERS. Newer cameras are including GPS. Smart cell phones have always had GPS on them. You can usually turn GPS off. NOTE - AM TALKING ABOUT THE DIGITAL FORM OF THESE PICTURES, NOT a printed picture. One concerned company took one child's picture posted on a social web site, and in 20 minutes, had the Child's Name (a 12 year old girl), the exact location of her BED in her bedroom, home address, school address, playground location, BABYSITER'S NAME AND ADDRESS and more - REALLY SCARY FOR PARENTS. GPS data on Cell Phone and Camera PICTURES can put you and YOUR CHILD in Danger: What Your Digital Photos Reveal About You and YOUR CHILD- TechHive ALL PARENTS NEED TO READ THE ABOVE ARTICLE (click on the URL, above) GPS on Cell Phones and Cameras can put you and YOUR KIDS in Danger - CBS Smartphone Pictures Pose Privacy Risks - Snopes Warning: Smart phone images use GPS trackers to mark your location How to Remove Location Information from Mobile Photos - Idea Lab Online cellphone photos pose risk to kids safety - Technobabble Tracking via Your Cell Phone Pictures - YouTube Tips to Turn Off Geo-Tagging on Your Cell Phone - ABC News How to GPS Track a Cell Phone: 6 Steps (with Pictures) - wikiHow How to find gps coordinates on google maps from a cell phone photo Stalkers Exploit Cellphone GPS - Mobile Location Tracking - WSJ.com What Your Digital Photos Reveal About You - TechHive Show me how to retrieve deleted pictures from android cell as in any cell, if the pictures were on the flash card AND you have not used the card much since the deletion - any software for recovering missing files should work - read the box to be sure or call the recovery program company direct and ask them. NOTE - IT IS EASY TO DO A REVERSE LOOKUP ON A PHONE NUMBER AND GET THE NAME AND ADDRESS OF THE OWNER FOR LAND LINES, IT IS HARDER TO DO THAT FOR CELL PHONES. I have also used the reverse lookup to find owner and phone number from an address. YOU MAY USE SKYPE ON COMPUTERS, CELL PHONES (Android, iPhone, Blackberry & Windows Cell Phones) and OTHER MOBILE DEVICES: SKYPE for CELL PHONES More about REVERSE PHONE NUMBER LOOKUP

Government, Federal & Official Sites - Reporting Problems

National White Collar Crime Center (NW3C) More coming soon.

GSM Vulnerabilities

German hackers crack GSM encryption - 25th August 2009 See also GSM See also GSM TESTING

DATA BREACHES - SPECIFIC SITES

THOUSANDS OF Gmail accounts just hacked - was yours one of them? - 9/10/2014 Home Depot hacked - 9/2/2014 UPS Data Breach Target, UPS, SuperValu hacks: All connected and way worse than we knew Major Banks Hacked Nuclear Regulatory Commission hacked multiple times by foreign powers Another payment card hack! Albertson's, SuperValu and more hit 4.5 million people's healthcare data stolen California DMV Warns of Possible Credit Card Hack Your home router is an easy target for hackers Data breach at Mozilla! Users' personal info leaked Target, Neiman Marcus, Michaels, P.F. Chang's - HACKED ANDROID: Alert: Serious security flaw in millions of tablets and smartphones Guess which browser has the most security flaws Goodwill Industries Data Breach Russian hackers attacked American power plants Everyone in Montana was possibly hacked Hackers hit Evernote and Feedly, hold data for ransom Major security flaw brings down TweetDeck A scary new security flaw lets hackers into millions of smart TVs Can your smart appliances get hacked and turn on you?

HACKED / BREACHED SITES - Data Stolen From These Companies

HEARTBLEED - World's largest Data Breach = April 2014

Enter a URL to see if a site is vulnerable to the Heartbleed attack - Norton Heartbleed: Instantly detect it on your ANDROID phone or tablet 5 myths about Heartbleed you shouldn't believe HEARTBLEED gets WORSE - CISCO and JUNIPER routers, switches and firewalls HAVE the PROBLEM - 4/11/2014 Check any site for the Heartbleed bug right now Which sites are affected by 'Heartbleed'? (DATA STOLEN) Here’s a quick list of the major sites that were affected. These are the accounts you need to take care of immediately: These are the accounts you need to take care of immediately - KIM KOMANDO

HEART BLEED BUG BACKGROUND INFORMATION

‘Heartbleed’ super bug exposes your information on tons of websites How Sites are Dealing with HearBleed DATA BREACH - Komando.com The chilling ‘Heartbleed’ bottom line: ‘Change all of your passwords everywhere’ CRITICAL INFO: CHANGE ALL PASSWORDS. Heart bleed Heart Bleed Bug Test: What You Need to Know, Including ... 5 Ways to Protect Your Device From Deadly Heart Bleed Bug 'Heartbleed' Bug Exposes Passwords, Web Site Encryption ... Everything you need to know about the Heartbleed SSL bug Heart Bleed Virus Update: Open SSL Computer Bug

OTHER DATA BREACHES

200 million IDs compromised in massive credit-bureau scam - komando.com How to FREEZE your CREDIT to Deter Theft New report: Two more retailers were hit at the same time as Target "The year 2013 saw more than 450 data breaches across e-commerce websites, social websites, government organizations, medical companies and just about any other type of company. I (Kim Komando) predict 2014 is going to be even worse." - Data Breaches - Kim Komando The biggest breaches in 2013 were Adobe, LivingSocial and Target. Among them, they lost more than 200 million customer records, but in very different ways - See more - Click here NOW OVER 110 MILLION TARGETR CUSTOMERS WERE EFFECTED IN ID DATA THEFT A few months ago, Facebook took the stage with a slew of questionable privacy changes Target-style security breach also struck Neiman Marcus and others 3 big NEW Facebook privacy changes - 12/2013 Adobe hacked - 180 MILLION people's IDs, credit info stolen Citigroup Confirms Hackers Stole Customer Data - June 09, 2011 LulzSec Hackers Hit Nintendo, FBI Affiliate Websites PBS Website Hacked With Fake News Sony Hacked Again, 1 Million Passwords Exposed A security researcher was able to collect information from Google Profiles and save millions of files Hackers steal Fox TV EMPLOYEES passwords, deface Twitter and LinkedIn pages

HACKERS, ANTI, Information

NOTE: Strictly speaking, "Hackers" are not neccessarily bad guys, but these days, "Hackers" is a commonly used term for people who do "bad things" to other people's computers and/or software. Security Tip: Buy Password-Cracking Software Excel Password Recovery PGP users can be tricked - don't know if it's still true computer security resource - secureroot

HARDWARE DIAGNOSTICS

Hardware Diagnostics - PCworld Troubleshooting CLICK HERE for more information about FIRMWARE CLICK HERE for more information about HARDWARE

COMPUTER HARDWARE, PROTECTING YOUR

SURGE PROTECTORS WHOLE HOUSE Surge Protectors UPS / AVR Power Cleaners / AC line Filters GFI / GFCI / RCCB AFCI

HIDS - Host Intrusion Detection System

HIDS analyzes and keeps track of the OS internals, looking for attempts at intrusion. Minimum IDS Recommendations - linux-sec.net Aid - similar to Tripwire, but open source Osiris - Open Source OSSEC - an Open Source HIDS Samhain - Open Source ThirdBrigade

Tripwire

Offers change management and auditing solutions which provide regulatory compliance, network security, and system availability. Tripwire Looking for Open Source Tripwire? - Tripwire, Inc Tripwire - Wikipedia Open Source Tripwire - Free System Administration software - Sourceforge Tripwire Interactive - Steam Users' Forums

HOME COMPUTER SECURITY SPECIFICS

The Ten Commandments of PC Security CBC News Indepth: Computer security - How safe is your computer? Researchers say they peeled The Onion Router The Encyclopedia of Computer Security Home Computer Security - CERT OnGuardOnline.gov provides practical tips from the federal government Microsoft - Security at Home Security Essentials - Microsoft Stay Safe Online. National Cyber Security Alliance Home PC Firewall Guide Guide for. Home. Computer. Security NIST Computer Security Division's CSRC Home page Federal Trade Commission - Consumer Information Security Security Tip No. 9 - Security for your privately owned home computer Home Computer Security Checklist - digitalchoke

HOSTS file

Access to/from Sites (URLs/Web addresses) listed in your "hosts" file are blocked or re-directed to specific IP addresses by Microsoft Windows. Hosts files were originally (an are still used) used in Unix, MAC OS, and now Linux and Windows operating systems as a method to prevent suspected, alleged, "bad/AD depositing/Spyware depositiong/..." sites from effecting your computer. The contents of your Hosts file may be edited. If you run Anti-Spyware or Anti-Virus programs, you may have to use one of those programs to edit the Hosts file (otherwise, those programs may try to proect your computer by NOT allowing you to edit to the Host file). Both your Anti-virus and Anti-Spyware programs will probably automatically add hundreds of suspected, alleged, "bad" sites to your Host file, in an effort to protect your computer from these sites. Normally, You the computer user, would have NO need to worry about, modify, nor setup your computer's Hosts file. Only Advanced users may wish to modify the Hosts file. NOTE that some Malware modifies your HOSTS file to prevent you from getting to URLs of known Malware detection and corrections sites. If you can't browse to these security sites, check tghe contents of your hosts file. WINDOWS HOSTS FILE INFORMATION: How do I use the Hosts File? How do I change my hosts file? Or, how can I see my domain before ... How To: Hosts File FAQ Blocking Unwanted Parasites with a Hosts File Windows Host file corrupted - can't edit Changing your hosts file in Vista You cannot modify the Hosts file or the Lmhosts file in Windows Vista The Hosts File and what it can do for you Using the Windows Hosts File Hosts file - Wikipedia, the free encyclopedia WINDOWS VISTA HOSTS FILE: Buster Collings - Windows Hosts File Editor Change "hosts" file in Windows Vista Online Apps DBA: One Stop ... Programming Tips and Tricks - Blog Archive - Edit Windows Vista ... Edit the Windows Vista Hosts File - MAXIMUMpcguides MORE HOSTS FILE INFORMATION: Microsoft TCP/IP Host Name Resolution Order Downloads - AdBin - Windows Hosts file editor 1.0 Freeware Software - tucows Windows Marketplace: Product details for AdBin - Windows Hosts ... Hosts: Free ad blocker and hosts file editor; Windows hosts file .. Windows, Linux, and Mac Hosts File Modifications Web Ad Blocking Under Linux/Unix, BeOS, MacOS and Windows About Windows HOSTS File and How To Make Use Of It - Raymond.CC Blog What is the Windows Hosts File | Hosts File Location ... AdSense blocked by Windows hosts file Blocking Unwanted Parasites with a Hosts File MVPS HOSTS file is a free download - list of sites that MVPS says should be blocked Hosts file - Wikipedia, the free encyclopedia Host - Wikipedia, the free encyclopedia What is the Hosts file? Gorilla Design Studio Presents: The Hosts File - blocks major advertisers' hostnames The Hosts File and what it can do for you hosts-file.net - The Official Home of hpHOSTS: hpguru's HOSTS file

HTML Injection (Site Cross Site Scripting)

Don't be a victim of Sinowal, the super-Trojan What is HTML Injection Code injection - Wikipedia Bugtraq: SNMP Injection: Achieving Persistent HTML Injection via Gtalk 1.0.0.105 html injection and Stealing message

IDENTITY THEFT

JPMorgan hack: 5 secrets to [Help] keep scammers out of your accounts PICK COMPLICATED, STRONG PASSWORDS I AM LEARY OF THE FOLLOWING SITE, AS I DON'T BELIEVE IN GIVING ANYONE YOUR PERSONAL INFORMATION. THIS SITE DOES COME RECOMMENDED BY VARIOUS SOURCES, SO IT MAY BE PERFECTLY SAFE. THE INFORMATION THAT YOU PROVIDE IS TRANSFERRED VIA A SECURE HTTPS CONNECTION. NOTE THERE IS AN "OPT-OUT" CHECK BOX - I WOULD USE IT, IF YOU USE THIS SITE.: My ID Score - a new way to quickly and easily assess your risk of identity theft Security book chapter: The Truth About Identity Theft How to limit your personal data in online directories Unwary Customers Contribute to Online-Banking Security Woes Top 10 Ways Cyber Criminals Use Your Information - PDF Deter. Detect. Defend. Avoid ID Theft - ftc.gov About Identity Theft - Deter. Detect. Defend. Avoid ID Theft Identity Theft and Fraud - usdoj.gov Wedding season brings threats of identity theft for engaged couples IdentityTheft.org - Identity Theft Prevention and Survival SSA logo: link to Social Security Online home Identity Theft - ssa.gov IDENTITY THEFT dot com Identity Theft Resources Identity Theft Resource Center - A Nonprofit Organization Identity Theft -- Office of Inspector General Online Identity Theft: Phishing Technology, Chokepoints and ... - PDF Online identity theft - OECD Observer Liberty Alliance takes on ID theft
Caught by a Phish Sunbelt Adds Detection for ID Theft Keylogger Spyware Researchers Discover ID Theft Ring The latest Identity Theft technique - 10/2004 Limiting Identity Theft Damage See also: Password Safes

IDS - Intrusion Detection System

Intrusion detection system - Wikipedia how artificial intelligence is influencing intrusion detection system (IDS) development IDS References - wikipedia IDS Resources (links) - wikipedia See also: Firewalls See also: HIDS See also: HOME NETWORKING SECURITY See also: IP Filters/Filtering, Port Forwarding & IP Firewall Administration See also: IP ABUSE See also: IP Masquerade See also: IP SECURITY See also: IPsec See also: IP Stack Hardening See also: NIDS See also: VPN

IM - INSTANT MESSAGING

Critical AOL's IM FLAW Instant Messaging Attacks - PCworld Click here for more IM security information Click here for IM reviews and downloads

INTEL SECURITY/VULNERABILITY INFORMATION

Three Vulnerabilities found in last 9 months (4/2009). Attacking SMM Memory via Intel CPU Cache Poisoning (whole thing) Attacking SMM Memory via Intel CPU Cache Poisoning - PDF Attacking Intel Trusted Execution Technology - Paper (Black Hat DC, Feb 2009) Attacking Intel Trusted Execution Technology - Slides (Black Hat DC, Feb 2009) Interesting - latest Microsoft XP updates INCLUDE Intel's Processor Patches (see below) SEE ALSO: SPIM

INTERNET EXPLORER

SECURITY ALERT: Internet Explorer bug lets hackers take over your computer What the new Internet Explorer bug means to XP users - NOT FIXABLE IN XP - Komando.com Dangers of IE 'Cookiejacking': What You Need to Know IE 9 (Beta) Blows Away Rivals in Browser Security - PCworld But not tested against Firefox 4.x, (Beta). (FF 70.0 is out) Chinese Hackers Dig Into New IE Bug, Says Google Researcher Security Researchers Verify IE Bug Researchers Remotely Defeat IE Protected Mode Microsoft's Internet Explorer browser falls below 50% of worldwide market for first time You can get a virus by using the F1 key AND Internet Explorer German and French governments say stop using Internet Explorer German government says stop using Internet Explorer IE Exploit a "Watershed Moment In Cybersecurity", Offers Guidance - 1/17/2010 I've always suggested using Firefox for Browsing (You will still need Internet Explorer to download updates to the Windows Operating System) Is IE8 Already in Need of a Security Patch? - March 26, 2009 eWEEK Labs' Tests of Microsoft IE 8 Show Web Browser Is a Must-Upgrade Internet Explorer 8: What You Need to Know Review: IE 8 Shows Great Improvement, but Still Behind Rivals It's The Launch Of IE 8 IE 7 Bug Reopens Debate Over Patch Responsibilities complicated and interesting tool for phishing attacks in IE7 Microsoft Investigates IE 7 Vulnerability IE 7 IS TOO OLD - UPGRADE TURN OFF JAVASCRIPT in IE - all versions - Microsoft says so - 6/2004 Turn OFF JAVA, at least from unknown sites. IE 7 Cautionary Tale Download tool to Remove Microsoft IE 7 beta 2 (only)

Intrusion Detection Languages / CISL

Common Intrusion Specification Language, or CISL A CISL Tutorial Common Intrusion Detection Framework, or CIDF

IP ADDRESS - Where is it located & who owns it?

IP address's location - networldmap Lots of lookups based on a given IP address - dnsstuff WhatIsMyIP.com 127.0.0.1 - IP Loopback Address CLICK HERE FOR MORE IP ADDRESS INFORMATION

Intrusion Prevention / Protection Systems - IPS

IPS Solutions Get Smarter IPS Devices Reach for High End Process Accounting (to find and remove the cause of slowness) Finding Causes of Heavy Usage User resource reporting Bots spiders and crawlers Htaccess

ISO & ISO 17799

ISO 17799, ISO17799 and Computer Security News The ISO 17799 Information Security Portal See also ISO IMAGES - BURNING / CREATING See also ISO Standards See also: ISO Organization

iTunes Alerts

iTunes account theft strikes close to home iTunes Scam: How to Protect Yourself iTunes 8 takes down Vista with 'blue screen of death'

JAVA and J2EE Security Problems

Java Runtime Environment 8.0 Update 191 (Java Console) I am using it (8.161) New Java trojan attacks Mac OS X via social networking sites... Java Patch Closes Security Holes (see above) Vulnerabilities in the Java Runtime Environment may Allow an Untrusted Applet to Elevate its Privileges Java Security Traps Worsen - 5/9/2007 Tutorial: Developing real-time and safety-critical embedded Java applications - Part 1 Tutorial: Designing real-time and safety-critical embedded Java applications - Part 2 JAVA - Infected GIF files can take control of your computer These JAVA versions contain fixes for this vulnerability. Older JAVA versions HAVE the vulnerability. Sun Java 2 Runtime Environment 1.3.1_19 Sun Java 2 Runtime Environment 1.4.2_13 Sun Java 2 Runtime Environment 5.0.Update 10 Sun Java 2 Standard Edition SDK 1.3.1_19 Sun Java 2 Standard Edition SDK 1.4.2_13 More details on the above JAVA vulnerability See also: JAVA (all types) Encryption CLICK HERE for more information about JAVA / J2EE / J2ME / J2SE / JAVA2 ...

Javascript Hijacking

September 15, 2008 - infected PDF file caught a User's up-to-date Adobe Acrobat Writer. One of the most common PDF exploits is via Javascript passed as arguments to Acrobat. JavaScript Attacks Get Slicker AJAX Apps Ripe Targets for JavaScript Hijacking sneaky JavaScript Datanotary Hijack - spywareinfo Preventing Web Site Hijacking or Theft Script Console - Javascript TitleTimer is a Javascript-prod ... JavaScript Hikacking - net-security CLICK HERE for more information about JavaScript

Keyjacking / Keylogging / Jacking

There were 180 known, unique keyloggers in April, 2006. Suggestions: 1] Use a Software Firewall (other than the Windows XP Firewall). NOTES (all OPINIONS - use at your own risk) 1] It is not possible to use software to detect hardware keyloggers 2] Software keyloggers seem to be of two types: A] Ones that use a software "hook" about 65% of all SW keyloggers These can be much more effectively found/blocked - 99%+ ??? B] Those that do NOT work by hooking into system software. 3] Using a very good OUTBOUND software Firewall, such as Zone Labs ZoneAlarm, can prevent the keyloggers from reporting back their stolen information (not 100% effective, as I can think of ways that the payload can be retrieved). 4] Don't use the same password for different sites. 5] Change passwords often. 6] Use your mouse to confuse keyloggers 7] Use a secure, encrypted keyword "Safe" - BUT enter the data via tip #6, above. Alos export and save OFF of your computer, a complete list of your IDs and Passwords, in case your system crashes and your keyword safe stops working. Anti-KEY LOGGERS - KEY LOGGER DETECTORS: MyPlanetSoft Anti-Keylogger v1.5 - FREE Anti-keylogger - Free software downloads and software reviews - C/NET Anti Key-Logger - Free Anti-Keylogger Tools - MyPlanet Software ... Keylogger Hunter - Universal anti-keylogger for Vista, Neutralizes ... Anti-keylogger :: Professional anti spyware - NOT free KeyScrambler 2.0 Anti-Keylogger Free Download - Tip HOW TO FOOL KEYLOGGERS: Keystroke loggers - and FOOLING KEYLOGGERS Prevent keyloggers from grabbing your passwords Prevent keyloggers from grabbing your passwords - Scott Dunn - WindowsSecrets.com Some keyloggers can read the Microsoft Windows Clipboard, too More tricks to evade keyloggers on public PCs Keyloggers: How they work and how to detect them (Part 1) Keylogger Reviews - Find out who's doing what on your computer Hardware keylogger - Wikipedia Mouse Only Keyboard v1.4 (MOK) Keystroke logging - Wikipedia Keyloggers - all about key loggers What is a Keylogger Trojan? Thwart password-hungry keyloggers with a Greasemonkey script - a virtual keyboard I Hate Keyloggers: free to download. Anti-Key-Logger, Keylogger Introduction to Spyware Keyloggers Keyloggers - Scamwatch.gov.au Keystroke loggers - and FOOLING KEYLOGGERS Keyloggers: How they work and how to detect them (Part 1) Hardware keylogger - Wikipedia How To Login From an Internet Cafe Without Worrying About Keyloggers - PDF KL-Detector: detect keylogging activity on your computer! New Authentication Scheme Combats Keyloggers, Shoulder-Hacking ... Remove Keyloggers removal instructions How to protect a computer from keyloggers? Antikeylogger, Antispyware How do I Remove a Keylogger? Remove Keyloggers removal instructions Sunbelt Adds Detection for ID Theft Keylogger Keyboard Spy: implementation and counter measures

Malware Software & Alerts (Anti-Malware)

In law, Malware is sometimes known as a computer contaminant, for instance in the legal codes of California, Virginia, and several other U.S. states. WHAT TO DO IF YOU SUSPECT YOU HAVE AN INFECTED COMPUTER WHAT PROGRAMS ARE STARTED AT BOOTUP? WHAT IS RUNNING ON YOUR WINDOWS SYSTEM? APPLE / MAC / IOS MALWARE / iPad / iPhone - click here LINUX MALWARE - click here Be very careful about opening ".HTA" (Hypertext-Application) Files. I AM CURRENTLY (3/02/2014) RUNNING ONLY (Symantec) Norton's 360 Security Suite Version 7 ??. It includes anti-virus, anti-malware, anti-bots, anti-rookkits, Real-Time detection, eMail protection, two-way Firewall, Facebook link checker (for malware), Windows bad System file Directory fixer, Registry cleaner (bad entries, not a malware remover)... and is the now quite fast. Invasive Programs - BookRags Five of the Dirtiest Malware Tricks Malware, Spyware, Adware Or Trojan - What's the Fuss? Computer "Malware": Worms, Trojans, Back Doors and Viruses Defining Malware: FAQ - Microsoft HNS - Malware of the week: Piggi.B worm, ReverseClick.A trojan and ... Read & Run Me First - Malware Removal Guide Free website lists programs with spyware & malicious adware - StopBADware.org Microsoft's Free Malware Remover - XP, WIN2K & WIN2003 ONLY Malware Removal - eurekster Best Computer Security Sites - Gizmo NEWS, ALERTS, CYBERCRIME REPORTS: Sophos security report reveals top threats of 2009 - 7/2009 PC Magazine's Head Off Spyware, Viruses and Malware Series History of Malware Malware info - Noticebored Guide to Malware Incident Prevention and Handling - NIST CMEprovides single, common identifiers to new virus threats to reduce confusion WinPatrol v9.5 - free or $20 Pro version Pestpatrol Center for Pest Research Pests - Computer Associates Spyware Information center Malware - Wikipedia malware.com Malware: what it is and how to prevent it Spyware Guide Database - Spyware, Malware and Adware Defining Malware: FAQ Lenny Zeltser - Reverse-Engineering Malware See also JAVA, JAVA2, J2EE, J2ME, J2SE,... Anti-adware misses most malware Uniblue's Wintasks 5 professional Neuber Software Security Task Manager - evaluates them all, running or not

MALWARE - APPLE / MAC/ IOS / iPhone / iPad

Think Apple computers are still malware immune? This new attack proves otherwise A newly detected malware targeting macOS devices can steal passwords and capture iPhone backups. And it's coming from the same group believed to be responsible for the 2016 election hacks - 2/16/2017. Horrible virus attacks iPads and iPhones - ALERT

MALWARE - HOW SOME MALWARE WORKS

Reverse Engineering Malware (Part 1) Stripping Away Malware's Armor

REMOVE SPECIFIC MALWARE - TOOLS / SCANNERS TO

KillBox is a tool to delete in-use files Bleeping Computer Downloads: Pocket KillBox REMOVING Anti-Virus-1 - bleepingcomputer.com Malwarebytes' Anti-Malware Download Link - bleepingcomputer.com CWShredder - a CoolWebSearch Trojan Remover CLRSCH.COM - Remove "CLRSCH.com/" Adware Tool (download) dc9.exe - what is it DC9 - File C:\Recycled\Dc9.dll infected by "Trojan-Downloader.Win32.Agent.bt" HERE4SEARCH - Trojan.Nebuler - Symantec HERE4SEARCH sends your information to these sites (Says Symantec): here4search.biz content.jdial.biz smart-security.biz F-Secure Spyware Information Pages : Look2Me Can't Remove Look2Me - Safer Networking Forums Remove Look2me Smart Computing Article - How To Get Rid Of Look2Me Symantec Security Response - Adware.Look2Me If you try to remove Look2Me while Explorer is running |MG| Free Download - Look2Me Remover 1.2.0 SWI Forums > How do you remove Look2ME.com ?? Look2me Removal Tool - Lavasoft Storm Virus - F-Secure Malware Information Pages: Small.DAM Teslaplus TROJAN REMOVEL TOOLS Trojan Remover 6.5.9 ViewpointKiller - Kills Viewpoint Media Player - Ver 1.21 Beta - Freeware

BEST MALWARE REMOVERS / SCANNERS - ANTI-MALWARE - REVIEWS

NOTE that Norton's 360 is NO longer the Bloated, slow, resource Hog. It was vastly revised in 2008 and is now the second fastest, but removes the Most Malware:

2016 Anti-Malware

Norton's 360 rated number 1

2015 Anti-Malware

Norton's 360 rated number 1

2014 Anti-Malware

Norton's 360 rated number 1 - Maximum PC

2013 Anti-Malware

Norton's 360 rated almost number 1

2012 Anti-Malware

Norton's 360 rated number 1

2011 Anti-Malware

PC World and I again pick Norton's 360 as the best Security Suite.

2010 Anti-Malware

Norton Antivirus - Norton Internet Security - Norton 360 Version 5.0 (2011) Review: Norton Internet Security 2010 checks your reputation Norton Internet Security 2010 Norton Internet Security 2010 - At A Glance - Reviews by PC Magazine Norton Internet Security 2010 - PC Magazine Advanced Antivirus 2010 (NON-suite) REVIEWS #1 - G Data AntiVirus 2010 - HAVING SEEN A ROOT-KIT, I DISAGREE WITH THIS CHOICE #2 - Symantec Norton AntiVirus 2010 - MY NUMBER ONE - BUT GET THE SUITE, NOT JUST AN ANTI-VIRUS PROGRAM (get Norton 360 [Version: 5]). Comparative test of anti-virus products on Windows 7 - AFTER 3 weeks of NOT getting updates In 2011, 2010, 2009 and 2008, PCWorld rated Symantec Norton's 360 and Internet Security 2011 Suites as the NUMBER ONE RATED, BEST Security Suite. Picking the Right Security Software In 2008, Norton (Symantec) (NAV) Security Suites quit being such a resource hog, and became almost the fastest, if not the fastest, reliable anti-virus, anti-malware scanner. I switched all of my computers back to Symantec. Symantec now has no problem with NVidia graphics cards (that I know of). 2009 results not yet available online, but here is a synopisis of Symantec - COURTESY PC MARCH 2009 WORLD (Symantec Norton Internet Security 2009): NUMBER ONE RATED Symantec Norton Internet Security 2009 Detection Rootkit Rootkit Adware Sucessful False Positives backdoors, Detection Removal Detection Malware bots, Elimination trojans & spyware --------- --------- ------- --------- ----------- -------- 99% 95% 100% 97% 80% zero NUMBER TWO RATED BitDefender Internet Security 2009 Detection Rootkit Rootkit Adware Sucessful False Positives backdoors, Detection Removal Detection Malware bots, Elimination trojans & spyware --------- --------- ------- --------- ----------- -------- 97% 100% 100% 96% 70% One NUMBER NINE (last) RATED TrendMicro Internet Security Pro 2009 NOT PCworld recommended Detection Rootkit Rootkit Adware Sucessful False Positives backdoors, Detection Removal Detection Malware bots, Elimination trojans & spyware --------- --------- ------- --------- ----------- -------- 69% 95% 100% 68% 75% not mentioned Early 2008 Security Suite Ratings - PCWorld: #1 RATED Symantec Norton Internet Security 2008 Price for use on up to three PCs: $70, PCW Rating: 84 Very Good, Performance: Very Good, Design: Very Good, Features: Superior Bottom Line 2008-2011: Norton offers solid performance, including the best behavior-based protection against unknown threats. I RECOMMEND AVAST IF YOU ARE ONLY GOING TO USE A FREE VERSION OF ANTI-MALWARE. SpywareBlastger - helps prevent malware installation and dangerous ActiveX usage SUPERAntiSpyware Free version SUPERAntiSpyware Pro (not free) Spyware Doctor with AntiVirus 6 - $40 - PCmag Spy Sweeper 5.5 with Antivirus - PCmag Ad-Aware 2008 Pro - PCmag VIPRE Antivirus + Antispyware 3.1 - PCmag a-squared Emergency USB Stick - rated poorly - PCmag AVG Anti-Virus Free 8.0 - PCmag AVAST! antivirus 4.9 Home Edition - HIGHLY RATED AVAST 6.0.1367 Free version - Download GarbageClean 3.0 - not liked by PCmag NovaShield AntiMalware 2.0 - not liked by PCmag SpyEraser 2 - "still has a long way to go" - PCmag STOPzilla 5.0 - "you can do better" - PCmag ThreatFire 3.5 - "free utility is excellent complement to existing protection" - PCmag Webroot AntiVirus with AntiSpyware and Firewall - PCmag

ONLINE/DOWNLOADABLE MALWARE CHECKERS - Free I believe

Free online ActiveScan 2.0 antivirus - requires ActiveX - Panda Security a-squared Web Malware Scanner McAfee Avert Stinger Free Virus Scan: Use ESET's Online Antivirus Scanner Trend Micro - Housecall - requires ActiveX F-Secure Online Scanner - scans only most likely places Bit Defender - turn off any pop-up blockers Computer Associates - requires use of Internet Explorer? Trend Micro - Free Tools and Services Online special removers Jotti's malware scan is a free, online - scans uploaded files - Javascript required SEE ALSO ONLINE VIRUS CHECKERS

REMOVE MALWARE WHEN CAUSE NOT KNOWN

If the PC does not have Internet Access, go to a computer that does have Internet access and download a portable version of SuperAntiSpyware. Maximum PC's Ultimate Malware Removal Guide KillBox is a tool to delete in-use files Bleeping Computer Downloads: Pocket KillBox Remove a Virus or Other Malicious Infection The Complete Computer Virus Removal Guide - brighthub Ad-aware - Freeware Bazooka Adware and Spyware Scanner - Detects a multitude of spyware, adware, trojan, keylogger,... Bug Off - disables a few exploits that are commonly used CWShredder Malwarebytes' Anti-Malware CA Anti-Spyware 2009 LE | Formerly CA eTrust PestPatrol Anti-Spyware Spybot Search & Destroy Spy Sweeper - Freeware (also full version for a fee) FOR MORE STUBBORN PROBLEMS: Please save or print these instructions before beginning: FOLLOW THESE DIAGNOSTIC INSTRUCTIONS from forums.techguy.org Welcome to Tech Support Guy! RUN THESE SCANNERS AND SUBMIT RESULTS TO: To get free help with your problem, please read our Welcome Guide. If you need live support immediately, you can Chat Now. Kaspersky Online Scanner ewido anti-malware Security Suite During the installation, uncheck the following under Additional Options: Install background guard Install scan via context menu NOTE: Merijn sold HijackThis to TrendMicro. They've released version 2.0.2. NOTE2: FEWER SITES WILL ANLAYZE YOUR HIJACK THIS OUTPUT FILES, HERE ARE TWO AUTOMATED SITES THAT WILL ANALYZE YOUR HIJACK THIS LOG FILES: Analyzes your Hijack log files - http://www.hijackthis.de Analyzes your Hijack log files - http://hjt.networktechs.com/ Run HijackThis (2.0.2) and click Do a system scan and save a log fil HijackThis - FAQ - MicroTrend HijackThis - Quick Start Guide TrendMicro HijackThis - investigate browser add-ons download .. HijackThis Tutorial - How to use HijackThis to remove Browser HijackThis Logs and Infections Removal Stinger - general virus/trojan/malware remover - McAfee FREE Threatfire 3.5 Protects Against New Malware Threats - PC World

OTHER MALWARE REMOVERS - Freeware, Open Source, Commercial

I see that MalwareHelp.ORG lists a lot of these - MalwareHelp.ORG

EXCELLENT SITE: malwarehelp.org McAfee Avert Stinger - Standalone removal - Free Kaspersky free virus removal tools SysClean Package - Trend-Micro Panda QuickRemover F-Secure CWShredder - a CoolWebSearch Trojan Remover CCleaner bitdefender - Free Virus Removal Tools Norman Malware Cleaner AVG Antivirus Tools avast! Virus Cleaner Free eTrust Antivirus Tools and Utilities - standalone cleaning utilities

PC Magazine's Head Off Spyware, Viruses and Malware Series

Head Off Spyware, Viruses & Malware - PCmagazine Series - #1 Baselining Your System - #2 Creating a Process Inventory - #3 Understanding What You See - #4 Rough and Ready Performance Metrics - #5 Other Snapshots Worth Gathering - #6 Comparing Differences - #7 Monitoring System Security - #8 Proper Password Handling - #9 Stay Away from Risky Downloads - #10 When in Doubt, Play It Safe! - #11 Summary - #12

MALWARE - GET HELP with Malware

TomCoyote Forums Geeks to Go Forums SpywareInfo Forums

MAN in the MIDDLE Attacks

A man in the middle attack occurs when an attacker can direct the client/server traffic through his/her/their computer system and modify or capture the data (which could be messages). Carnegie-Mellon University has come up with a method of detecting man in the middle attacks. The Carnegie-Mellon solution, Perspectives, is discussed in this paper. If the Detection mechanism detects a problem, DO NOT SEND personal data. Even if the Detection Mechanism (called Perspectives detects no problem, most of us would NOT trust the site. Perspectives is a FireFox 3.x add-on. Man-in-the-Middle - SSL-protected Websites Getting A Perspective On Man In Middle Attacks Mozilla garners praise over Firefox security feature Perspectives Overview

MEDIA PLAYER - Microsoft Windows

Windows Media Player - Latest version is: 11.0.5721.5280 Scripts in (Windows Media Player) ASF files (part 1) Detecting scripts in ASF files (part 2) Media Player - Security component upgrade - Microsoft Slashdot | Microsoft Media Player "Security Patch" Changes EULA ... Hackers Tune In to Windows Media Player Microsoft Security Bulletin MS06-005: Vulnerability in Windows ... Questions and answers for Windows Media Player Security Restrictions

Messenger Services Spam (Win2k, NT, & XP)

NOTE: Just turning Off Windows Messenger Service will NOT prevent it from running every few minutes. How to prevent Windows Messenger from running on a Windows XP-based computer - MS Remove Windows Messenger Disable/Remove Windows Messenger Stopping Windows Messenger SPAM Windows Messenger Spam Elimination Freeware

MICROSOFT - NON-Windows SECURITY ISSUES

Fake Microsoft Outlook Update Installs Trojan SMBv2 vulnerability: To patch or not to patch? Silver light update - January 20, 2010 Microsoft Closes PowerPoint Zero-day Hole - May 12, 2009 Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability Security design: Why UAC will not work Security Researcher Finds Flaw in Windows Media Player VML vulernability - MS fix is out - can be infected just by viewing a Web page See also: Advisories, Microsoft See also: EXCEL See also: IE - Internet Explorer See also: Messenger Services See also: Power Point Attacks See also: Windows Free Security Updates See also: WORD See also: Zero-Day Attacks

MOBILE MALWARE / VIRUSES

SMS Phishing is called SMiShing. BlackBerry PDF parsing vulnerability - 7/15/2008 Mobile devices & Applications - Emerging Security Threat #3 - Jim Raposa Low threat from mobile malware - F-Secure - 9/27/2007 Phishers Cast a Mobile Net (via cell phones) - SMS Phishing (SMiShing

C# Crossover Malware (Mobile Malware)

The people at the Mobile Antivirus Researchers Association (MARA) are reporting that they have discovered the first PC to Handheld crossover malware written in C#.

(HOME) NETWORKING SECURITY

Recommendations, Mine CERT - Home Network Security Information 127.0.0.1 - IP Loopback Address CLICK HERE for more information about NETWORKING Check your computer's Ports for network vulnerabilities - port scanner Network Security - Network World How to Enable the My Computer Security Zone in Internet Options - Microsoft Network security - Wikipedia, the free encyclopedia See also: Firewalls See also: Browser Security See also: Hardware Firewalls See also: Softwareware Firewalls Wireless Encryption - USE IT: SECURITY - Wireless See also: WAP See also: WEP See also: WPA. NOTE: WPA can be cracked. See also: WPA2. NOTE: even WPA2 is no longer secure. More Advanced: See also: Hosts file See also: IP Filters/Filtering, Port Forwarding & IP Firewall Administration See also: IP Management See also: IP Masquerade See also: IP Routing See also: Modems See also: Secure Connections See also: Wireless Security

NIDS - Network Intrusion Detection System

Network Intrusion Detection System - wikipedia Network Intrusion Detection System (NIDS) Firestorm NIDS - SANS Institute - Intrusion Detection FAQ: What is network based ... Evading NIDS, revisited - popular IDS evasion attack techniques freshmeat.net: Project details for Firestorm NIDS Active Mapping: Resisting NIDS Evasion Without Altering Traffic Site DISA - U.S. Defense Information Systems Agency EasyIDS - Free customized CentOS install cd containing Snort, Barnyard, BASE, ntop, and more Barnyard - SourceForge.net: Barnyard BASE Snort Wireshark (was Ethereal)

NOVELL SECURITY ISSUES

Novell's iPrint open to attack, say researchers Novell eDirectory LDAP Search Request Heap Corruption Vulnerability- labs.idefense.com

ONLINE BANKING

While useful, online banking can be very dangerous to your wealth. There are many Key Loggers and other such Malware ready to send your bank account numbers and passwords to the crooks. If you must bank online, I strongly suggest that: 1] Do NOT send any private information (account numbers, passwords,...) UNLESS you see the "Lock" symbol (scroll down a little) on your web browser, indicating that the transaction is being send ENCRYPTED. See also: The "LOCK" security symbol 2] You use a Password Safe to keep and supply your account numbers and passwords. If you don't use a password safe, at least confuse the key logger. 3] Delete ALL temporary files immediately after doing your online banking. You could use the free CCleaner. 4] Use STRONG (not easily guessed or computed) Passwords. 5) Use an OUT-GOING Firewall to help prevent Malware from sending your banking information to the crooks. I currently use the one built into (Symantec's) Norton's 360 Version 5.0. ENSURE that it is turned on (configured) to stop BOTH unknown incoming AND outgoing Internet traffic. 6] If possible, use some non-Microsoft-Windows operating system, such as Linux or MAC OS X (there are fewer malware programs written for these operating systems, although Malware does exist for them). Majority Of Online Banking Customers Use Same Credentials On Other Less-Secure Websites NSW Police: Don't use Windows for internet banking

OPEN OFFICE

OpenOffice bug hits multiple operating systems

Open Source Anti-Viral Programs

Clam AntiVirus

Open Source Vulnerabilities

Open Source Vulnerability Database

ORACLE Vulnerabilities & Patches

38 Oracle security patches coming next week - 10/16/2009

ORGANIZATIONS - Anti-Malware

Anti-Spyware Coalition (ASC)

OUTLOOK / OUTLOOK EXPRESS - Microsoft's

Beware of Fake Microsoft Outlook Update E-mail

PASSWORD TIPS / INFORMATION

PASSWORD - wikipedia

PASSWORD STRENGTH CHECKERS

There are different ideas as to what consitutes a strong (hard to crack) password. Here are some programs that test your password: password STRENGTH checker - Microsoft Gmail flaw shows value of strong passwords

PASSWORDS - GENERATE STRONG

Random Password Generator How To Create Strong Passwords That You Can Remember Easily How secure is your password? / Tips on creating passwords Perfect Passwords - GRC Strong passwords: How to create and use them - Microsoft Security Awareness - Articles - Keep Safe with Strong Passwords Strong Password Generator Choosing and Protecting Passwords - Cyber Security Tip ST04-002 Strong Password Generator PASSWORD INFORMATION - Continued: Video: Simple tips for better password security Password Tips and Encrypting Passwords Password "Safes" Security Tip: Buy Password-Cracking Software Excel Password Recovery PASSWORDS - BIOS PASSWORDS - WINDOWS

PASSWORD (Key) SAFES

The advantages of Password Safes: A] You don't have to remember the poassword B] KEYLOGGERS CAN NOT GET YOUR PASSWORD IF A PASSWORD SAFE IS USED TO SUPPLY THE PASSWORD. The problems with password safes: A] You must export (I'd print) a list of them, in case your system crashes. B] What happens if your subscription to Norton's 360 expires (it includes the password safe that I use)? I'll have to check on that. C] You have to log-in to your password safe. D] If you go to a site that allows logins, your password safe will probably ask if you want to sign in, or if you want it to save your password. Where to get a Password Safe: Do NOT use one that works online - you want the program on your computer. A] It comes free with Norton's 360 anti-Malware Suite (Version 5.0). B] With Password Safe, a free Windows utility designed by Bruce Schneier I'm a fan of Bruce Schneier - I'd use his if your anti-Malware doesn't supply one. C] Password Safe - Sourceforge D] KeePass Password Safe - open source password manager E] Password safe - Free Password Manager F] KeePass Password Safe 1.11 - C/NET G] COMODO I-Vault - Free Password Management NOT FREE - THESE HAVE SOME KIND OF COST: A] RoboForm 6.9 - (most popular for pay) C/NET A friend uses/likes it (it is not free). RoboForm creates complex passwords for you, and keeps them encrypted. RoboForm then supplies the passwords then needed (you don't type them). You can get a printout of your encrypted passwords for a backup. RoboForm review RoboForm download site. WARNING - WHEN MY (2009) NORTON 360 EXPIRED, IT WOULD NO LONGER EVEN RUN (as opposed to no longer getting updates). I FIND THIS COMPLETELY WRONG (my opinion). I CONSIDER NORTON 360 THE BEST ANTI-MALWARE (and I still use it). (I feel that it should just stop updating itself, while, of course, warning the user that that the protection is obsolete). This (not running after the expiration date) IMPLIES THAT YOU HAD BETTER PRINT OUT ANY ID/PASSWORDS THAT YOU HAVE IN NORTON'S IDENTITY SAFE BEFORE YOUR NORTON EXPIRES. See also: Encryption See also: Encryption Products (sofware applications)

PATCHING

PATCHES - LINUX

PDF Vulnerabilities

HOW TO COMBAT THE: PDF "/Launch" - Social Engineering Attack More information about ADOBE vulnerabilities may be found HERE Four out of five Web-based exploits use malicious PDFs (2/20/2010). Malicious PDF File Doesn't Need a Software Vulnerability - 4/1/2010 Security updates available for Adobe Reader and Acrobat - February 7, 2008 Neosploit Updated to Include an Acrobat Exploit - 05-05-2008 One of the most common PDF exploits is via Javascript passed as arguments to Acrobat. Extracting scripts and data from suspect PDF files - 7/15/2008 September 15, 2008 - infected PDF file got through a User's up-to-date Adobe Acrobat Writer. BlackBerry PDF parsing vulnerability - 7/15/2008 New techniques hide PDF malware - Microsoft Windows Vista ... - Apr 29, 2008 PDF malware crashes into October 2007's top virus charts PDF malware New .PDF malware (?) - 2007 ARN - New techniques hide PDF malware Cyber-criminals launch PDF malware offensive - vnunet.com Researcher: JavaScript Attacks Get Slicker vulnerability in Web-hosted PDF files revealed

PHARMING

Phishing uses social engineering to convince users to enter personal information onto a faked site that collects the data for the criminals. Pharming goes one better, so when a user enters a perfectly legit URL of their choice (like their bank) they are hijacked and taken to the criminals' faked site. No social engineering involved. BROWSER PATCHES TO SHOW THE FAKED URL ARE USUALLY AVAILABLE. There is a tool that will help you fight both the phishers and the pharmers. It's a browser plug-in from a company called Netcraft. Larry Seltzer did a review. Of course, the latest Pharming attacks are based on phoney Swine Flu emails. Find out how pharming attacks hijack Internet domains - view the video Pharming - definition of APWG - Anti-Phishing (and Pharming) Working Group New Netcraft Toolbar Blocks Phishing, Analyzes Web Sites Anti-phishing group expands to address pharming

PHARMING, DRIVE BY

change the default administration password for your router.

PHARMING NEWS

Router access is enough for attackers to steal personal information

PHAXING

phaxing

PHISHING

Phishing uses social engineering to convince users to enter personal information onto a faked site that collects the data for the criminals. Pharming goes one better, so they when a user enters a perfectly legit URL of their choice (like their bank) they are hijacked and taken to the criminals' faked site. I AM SEEING AN INCREASE IN EBAY EMAIL PHISHING and SCAMS - Be careful - 8/20/2015 Both Firefox 3.6.4.35 (and later) and Internet Explorer 7 (and later) will attempt to screen out known Phishing web sites by blocking access to those sites (I think that you can over-ride the blocked access, if you wish). I AM USING McAFEE's SITEADVISOR V 3.4.0 Firefox 6.x plugin to help evaluate sites. There is a tool that will help you fight both the phishers and the pharmers. It's a browser plug-in from a company called Netcraft. Larry Seltzer did a review. Netcraft dot com Fight Fraud and Phishing With New Tools - PC World Cloudmark and Comodo have anti-phishing software (see previous link). Neither UPS nor FEDEX will send you an email regarding problems with your delivery - do NOT click on any links in these emails. If you wish, go to the real UPS or FEDEX web page and start your inquiries there. This year is going to be a good year financially. How do we know this? It's obvious because spammers are hard at work A recent phishing e-mail read, threatening account deletion A new phish frontier: Phishing of domain registrar accounts AT&T Cell Phone Phish - 10/9/2009 Phishing Scheme Almost Catches FBI Chief BlackBerry Update Fixes Phishing Flaw - 10/1/2009 Chained Exploits: How to prevent phishing attacks from corporate spies Rock Phishing: The Threat and Recommended Countermeasures Google Talk Users Hit with Phishing Attack After Gmail Outage UPS/FedEx Delivery Failure Hackers spoof MSNBC Watch out for fake IRS e-mails Email purportedly from a private investigator investigating you Can you spot a phish? Play Carnegie Mellon's game and see Phishers Play Top 40 Just Say "No Thank You" to Data Disclosure Phishing.gov? phoney invoices - the latest phishing technique Internet Banking Verification phishing scam against Flickr users Microsoft: UAC Can Be Hijacked by Social Engineering RSA Alert: New Universal Man-in-the-Middle Phishing Kit Discovered your credit card has been assigned to two different accounts.... I've now seen the Bank of America Phishing scheme: B of A phish attack - Subject Line: Sitekey update is required phishing attack against military personnel APWG - Anti-Phishing Working Group Phishers Cast a Mobile Net (via cell phones) Study: Microsoft Anti-Phishing Uses Best Bait The Top Phish this week Ads Masquerading As Security Warnings Phishing Filter Prevents E-Mail Identity Theft Phishers try to best banks' authentication Caught by a Phish Phishing - definition of Phishing: What's Spam Got to Do With It? Phishing Attacks Escalating April 2005 Phishing Trends report of the Anti-Phishing Working Group APWG - Anti-Phishing (and Pharming) Working Group Spotting Phish and Phighting Back New Netcraft Toolbar Blocks Phishing, Analyzes Web Sites antiphishing.org FraudWatch International: Anti-Phishing Specialists The Phishing Guide - PDF - NGS

PHOTOGRAPHS - DOCTORED / SCAM STOPPERS

A defense against Photoshop funny business

POP-Ups - POPUPS - STOP THEM

FTC Stops Explicit Popups Turning OFF Microsoft's Messenger Service helps enormously, and has nothing to do with Instant Messenging (you can still IM if you wish). There was a tie (PC Magazine article, but I prefer Zone Alarm): Zone Alarm Pro (NOT the free version) Symantics Norton Internet Security

Port Knocking

Port Knocking is a technique of opening Firewall ports by attempting a connection that causes the Firewall to open up certain computer ports in anticipation of a legitmate connection. The best method of avoiding Port Knocking is to set all of your computer ports to Stealth Mode, wherein your computer does not respond AT ALL when it receives an unsolicited message to any of your computer ports. PERSONALLY, I believe that Zone Alarm Pro does the best job of locking your computer ports. You can check the status of your computer ports by going to GRC's SHIELDS UP, scroll down and run the "PROCEED" option, then scroll down & select Common Ports. Port Knocking - wikipedia

PORT NUMBERS - Assigned Computer

ANA ORG (IETF) - Port Number Assignments Port Knowledgebase Ports used by known Trojans The Windows (DOS) command: netstat -an will list all your open ports

PowerPoint ATTACKS / VULNERABILITIES

MS Advisory: Beware Unexpected PowerPoint Files New Exploit Takes on MS PowerPoint - Malware Blog - Trend Micro - 4/3/2009 A PowerPoint Blog: PowerPoint Malware Flaw - Apr 23, 2009 Microsoft PowerPoint - Malware - Finding the Needle Microsoft Malware Protection Center : New 0-day Exploits - 4/2/2009 Advances in Office/Excel/Powerpoint Malware detection & analysis - 7/31/2009 Vulnerability: MS08-051. Microsoft PowerPoint vulnerabilities could allow remote code execution (949785) - 12 August 2008

PRIVACY

Many of the newest Web Browsers (IE 8's InPrivate and FireFox 70.0.1 (Quantum) (and later) have a Privacy or Stealth Mode, which enables the user to browse web sites without leaving the usual trail of data on the the computer used for the browsing. NOTE that Stealth Mode will NOT hide your identity from the sites that you visit. Computer Security Ethics and Privacy Internet privacy - Wikipedia Computer Privacy Articles Computer Security and Privacy Anomynity - Remain Anonymous You are being tracked by FLASH COOKIES Monitoring of Employees on the rise WEB BUGS are stealing information from your computer ** Computer Privacy Software: computer privacy software - internet privacy ... AllTracksGone Window Washer Computer Privacy Cop 2005 - Free

PRIVACY POLICY

Our Privacy Policy

PROGRAMMING VULNERABILITIES

'Dangling pointers' more dangerous than thought, says security vendor

PUP - Probably/Possibly Unwanted Programs

Unasked-for software that was installed on your system. Often considered non-maligant malware. Usually installed when you install something your want. You can sometimes opt out of installing these, if you do the Custom install (NOT the default install). I DELETE THEM (via Selecting all PUPs - Malwarebytes In Malwarebytes Anti-Malware, PUP detection will show up unchecked on the results list by default. The user would have to manually check them for removal to ensure that they do indeed want these removed. But if you ever find yourself staring at a giant list of PUPs to check mark and remove, to do so quickly, you can highlight one of the detection by left clicking on it. Then, right-click on the highlighted detection, and click Check all items. Next, select Remove Selected. Additionally, you can change the default to automatically check mark all PUPs to ready for removal by following the directions below. What are the 'PUP' detections, are they threats and should they be deleted?

PYTHON Vulnerabilities

Stay tuned...

RAM SCRAPERS

Customized malware created to grab credit card, PIN, and other confidential information out of a system's volatile memory. Lots of these attacks are occuring in POS (Point-Of-Sale [Cash Register]) Servers. Attack Of The RAM Scrapers The Hacker News Network - RAM scraper Scammers scrape RAM for bank card data - The Register Will RAM scraping loosen the sky and make it fall? Attack Of The RAM Scrapers - ISN RAM Scrapers - alt.comp.anti-virus - Google Groups Hard to Detect Hack - Attack Of The RAM Scraper - DIGG

REGISTRY (Windows)

A lot of malware makes entries in the Windows Registry file, so that the malware can restart itself if killed, and hide itself in various places on your computer. Therefore, it is often necessary for the user to modify (via malware removal programs) these Registry file entries. I have collected links to both information about the Registry file and links to programs that may be able to fix your corrupted Registry file. MODIFYING YOUR REGISTRY FILE MAY MAKE IT UNABLE TO BOOT. It is a good idea to back up your Computer Registry files before making any changes. Windows XP makes a backup everytime that you reboot, so that you have the option of going back. For older versions of Windows, you may need to manually create a registry backup. Registry Fixes REGISTRY - DETAILED INFORMATION

Removing Specific Spyware/Malware

Bit Defender - free virus removal tools CWShredder - remove Cool Web Search variants (Trend Micro bought & retired it) Free Tool removes CoolWebSearch (aka CoolWwwSearch, YouFindAll, etc. - CW Shredder Free tool removes unwanted Internet Explorer about:blank home page

RFID Security/Virus Problems

RFID technology dates back to World War II, when the British put radio transponders in Allied aircraft to help early radar system crews detect good guys from bad guys. RFID Viruses and Worms PASSPORTS with RFID CHIPS Have Been HACKED While not foolproof, it helps to wrap your cards in aluminum foil. This Is How Easy It is For Thieves To Steal Everything In Your Wallet Credit numbers stolen from credit cards with Chips - from a few feet away Ebook Vulnerabilities in First-Generation RFID-enabled Credit Cards RFID tags become hacker target - CNET News How RFID Tags Could Be Used to Track Unsuspecting People Is Your Cat Infected with a Computer Virus? (via RFID) RFID - Emerging Security Threat #4 - Jim Raposa RFID (extensive info) - Wikipedia RFID Reference Book Click here for more RFID Information

ROAD RUNNER SECURITY

Road Runner Help - Free Firewall for RR customers Road Runner Security Website REPORTING ROAD RUNNER SPAM: If YOUR outgoing email is blocked as SPAM (Email: removal@security.rr.com) If You wish to REPORT SPAMMERS to Road Runner (Email: spamblock@security.rr.com) Road Runner also uses Third-party Black-List sites to filter SPAM.

Root-kit Hacks - DETECT ROOTKITS

CAUTION - I KNOW NOTHING ABOUT THESE SITES - Caveat Emptor

I NOW RECOMMEND THESE STEPS TO REMOVE ROOTKITS - Click HERE - may NOT be successful UNfortunately, while these programs can detect and remove most Rootkits, you have NO way of telling if all of the Rootkits have been removed - THEREFORE, YOU HAVE TO DECIDE IF YOU WANT TO DO YOUR ONLINE BANKING ON THE WAS? INFECTED COMPUTER - IT MAY NOT BE SAFE. Rootkit - Wikipedia Five tips for dealing with rootkits - TechRepublic On LINUX systems, use rkhunter as a DEFENSE (preventative) FTP (Download) the Blacklight executable from www.f-secure.com - 12/2010 Help: Blacklight free AVG Anti-Root Remover (NOT for Vista) How to use ComboFix Tripwire - Used to detect changes to your computer files (Malware) The Open Source Tripwire project is found on Sourceforge Which version of Tripwire fits your needs? Study: Symantec Best at Removing Rootkits; Microsoft Worst - eweek RootkitRevealer - Sysinternals - Free How RootkitRevealer works, and how to use it Rootkit Hunter demo: Detect and remove Linux rootkits FREE download: New version of Sophos Anti-Rootkit - now includes x64 & Windows7 Support Anti Rootkit Software - IceSword Icesword 1.22 - Major Geeks PC World - PC World Downloads - IceSword IceSword Author Speaks Out On 'Rootkits' Download IceSword 1.22 - IceSword - A very useful rootkit scanner ... - Softpedia Six Rootkit Detectors Protect Your System -- Rootkits ...- REVIEWS chkrootkit - locally checks for signs of a LINUX rootkit Rootkit Hunter demo: Detect and remove Linux rootkits Rootkit Hunter loganalysis.org - useful information on log analysis for computer security Sleuth Kit (TSK) is a collection of UNIX tools to investigate computers Kill Spyware by Hand Best Free Rootkit Scanner/Removers - Updated 30th March, 2007 - techsupportalert.com Review: Six Rootkit Detectors Protect Your System - Information Week - 1/16/2007 F-Secure BlackLight - review - Information Week IceSword - review - Information Week RKDetector - review - Information Week RootkitBuster - review - Information Week Rootkit Unhooker - review - Information Week Conclusion of the six reviews - review - Information Week Sophos Releases Free Anti-Rootkit Software Panda releases free Anti-Rootkit Software Panda Activescan download - REQUIRES ActiveX enabled to RUN Detect rootkits and rootkit behavior with these techniques Search for rootkits with Rootkit Hunter on Linux systems RootkitRevealer (zip) - free Microsoft Research rootkit home page Understanding Hidden Threats: Rootkits and Botnets - US-CERT Prevention Guide: Detecting and removing rootkits in Windows What are user-mode vs. kernel-mode rootkits? Rootkit: The Complete Documentation - 10t3k.org Some Observations on Rootkits - Microsoft Malware Protection - 2010 Rootkit May Be Culprit in Recent Windows Crashes - Krebs on Security - 2/2010 10 AntiRootkits Tested to Detect and Remove a Hidden Rootkit - raymond.cc NOTE - I have not checked the links in this article, which INSTALLS software, so you may wish to NOT click on the anti-rootkit software links. AVG LINkscanner reported: "There was a problem when trying to scan this page. Please try again later." Rootkits: almost invisible malware - PandaSoftware ID-Triggered Rootkits - blogspot Step-by-Step Guide: Finding and removing a rootkit - 2006 (old) Rootkits - White Papers, Webcasts and IT downloads - Bitpipe.com

ROOT-KIT NEWS / ARTICLES

Rootkits can even be loaded into your Computer BIOS. The Dissection of a Rootkit - F-Secure Security Labs Rootkit Detection and Removal - pcsupportadvisor Can a Rootkit Be Certified for Vista? Rootkits: The Ultimate Stealth Attack Rootkit - wikipedia US CERT Cybertip explains "hidden threats" such as root kits and botnets SANS Institute: Analysis of the T0rn rootkit Anatomy of a Root-Kit Hack Hacking Tools Can Strengthen Security The Doomsday Machines of Malicious Software Root Kit Info Microsoft Research recently announced Strider GhostBuste InfoWorld: Holy Father on rootkit writing for fun, profit Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes Rootkit Takes Aim at AOL Rootkits Sprout on Networks Hackers Find a New Place to Hide Rootkits - SMM Rootkit (2008)

LINUX ROOT KITS - DETECTION & INFORMATION

Kstat - for usage, enter: ./kstat -i all rkscan is a small Linux Rootkit scanner chkrootkit - locally checks for signs of a LINUX rootkit Help - rootkit scan - What should I do? - Ubuntu Forums Towards a tamper-resistant kernel rootkit detector - ACM Some known Linux Rootkits are: Adore - info by Packet Storm Adore is a popular LKM-based rootkit - O'Reilly - Safari Books Online - 0596007949 Adore - search of "Security Power Tools" (an LRM rootkit) - Analysis of the KNARK Rootkit - Rootkit: The Complete Documentation Information about the knark Rootkit Knark is a kernel-based ... Analysis of the KNARK Rootkit by Toby Miller Analysis of the KNARK rootkit - PDF

SONY's USE OF ROOT-KITS

Sony pleads innocent in latest rootkit fiasco RootkitRevealer v1.7 - Free - Finds rootkits on your PC Rootkits - The New Wave of Invisible Malware is Here - white paper News Analysis: Sony's Rootkit DRM Raises Legal Red Flags AV Firms Say New Trojan Uses Sony DRM Rootkit EFF Takes Action Against Sony BMG Texas Sues Sony BMG Over CD Rootkit Amazon.com Offers Refund for 'Rootkit' DRM-Carrying Sony CDs User Privileges, Malware and the Sony Rootkit Debacle Sony BMG Recalls Copy-Protected CDs Sony's Second 'Rootkit' DRM Patch Doesn't Hush Critics Sony to Help Remove Its DRM Rootkit MORE ON SONY'S USE OF ROOTKITS See also: COPY PROTECTION

RAILS Vulnerabilities

RubyOnRails XSS Vulnerability Claims Twitter, Basecamp And My Confidence See also: XSS

ROUTERS / SWITCHES - Vulnerabilities & Problems

More than 12 million routers are affected by a scary, new security flaw The vulnerability ("misfortune cookie") comes because of software called AllegroSoft installed on every affected router. Older and lower-end routers from D-Link, Edimax, Huawei, TP-Link, ZTE and ZyXEL could be affected. ALL KINDS OF SERIOUS ROUTER FLAWS, especially LINKSYS and D-LINK Self-replicating virus infects and breeds inside Linksys routers Definitely effects these models of Linksys Routers: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000,E900 More than 15 different models of routers from different brands have a huge security flaw that could allow strangers in without the password EFFECTS these models for sure: Cisco WAP4410N DGN1000(B) Netgear N150 Diamond DSL642WLG LevelOne WBR3460B Linksys WAG120N Linksys WAG160n Linksys WAG160N Linksys WAG200G Linksys WAG320N Linksys WAG54G2 Linksys WRVS4400N Netgear DG834 Netgear DG834G Netgear DG934 Netgear DGN1000 Netgear DGN2000 Netgear DGN2000B Netgear DGN3500 Netgear DM111Pv2 Netgear WG602 Netgear WGR614 Netgear WPNT834 all SerComm manufactured devices There's another dangerous loophole in several D-Link models of routers NEW FIRMWARE EXISTS for these models: DIR-100 DIR-120 DI-524 DI-524UP DI-604UP DI-604+ DI-624S TM-G5240 Keep criminals off your Wi-Fi with ease (some?) D-Link Routers are hackable - Could your router be taken over by hackers? Critical Juniper Router Flaw Triggers Prompt Patching Click here for CISCO Vulnerabilities

RUBY Vulnerabilities

RubyOnRails XSS Vulnerability Claims Twitter, Basecamp And My Confidence See also: XSS

SAMBA Security Issues

Samba Security Information Disclosure and DoS

SECURE CONNECTION VULNERABILITIES - SSH, SSL, ...

Fake Microsoft Outlook Update Installs Trojan, then fakes SSL connections SSL Crack Shows You Must Advance Your Security - Security from eWeek Reports of a successful exploit of the SSL Renegotiation Vulnerability? Debian/Ubuntu OpenSSL Random Number Generator Vulnerability

SECURITY, CHECK Your Computer Security

These are safe, reputable sites, even if their use license seems scarey

A good list of PC Port Scanners optout - grc.com - DIS-allow those annoying pop-up browser windows Hacker Wacker SecurityProtocols dot com - USES POP-Unders Anti Online loganalysis.org - useful information on log analysis for computer security Sleuth Kit (TSK) is a collection of UNIX tools to invesitgate computers Ports and their normal use

SECURITY PROBLEMS (computer) - General Info

CVE - Common Vulnerabilities and Exposures - News Click here for more Vulnerabilties / Flaws Information
awareness materials on information security topics - UK Dept. of Trade & Industry NoticeBored Classic security awareness module for March IE's Automatic Execution of Embedded MIME Types Web Bugs monitor who is reading what **

SECURITY SOLUTIONS/FIREWALLS/RESOURCES (Computer)

Security Info - Microsoft Kaspersky's Security Suite - Review - PCWorld 5/2006 PC Mag's Security Software index PCWorld's Firewall review - 6/2004

Shellshock BUG - nasty - Linux / Unix / OS X / IOS / Routers - NOT Windows

New "SHELL SHOCK" may be worse than Heart Bleed Malware. Shell Shock effects the BASH (unix / linux Shell) - NOT a Windows threat. With this bug, hackers can invade half a billion websites and even more gadgets, including your Wi-Fi router. - komando.com Apple has patched Bash vulnerability on Macs What ‘Shellshock’ means to you and me Apple has patched Bash vulnerability on Macs ONLY (NOT iPad / lPhones How to protect your home computer from the Bash shell bug What you need to know about 'Shellshock,' the bug threatening Red Hatter Linux, CIOs everywhere NASTIEST NEW COMPUTER VIRUS, "SHELLSHOCK" - LINUX and UNIX, Not on Windows How to tell if your Apple/MAC COMPUTER has this problem (see above URL). The 'Shellshock' Bash vulnerability and what it means for OS X Shellshock Flaw Poses Big Security Threat for Mac, other Unix Systems

SHOPPING SAFELY ONLINE

Banks use different names, but check to see if your credit card issuer can supply you with one time use credit cards - these are temporary, cards, with account numbers that can only be used once, online or voer the phone. If someone steals this credit account number, and you have already used, it, they can not use it again. Stay Safe Online . org

SIEM / SIM /SEM - Security Info & Event Management

Security information and event management - Wikipedia The convergence of SIEM and log management A Practical Application of SIM/SEM/SIEM Automating Threat ... SIEM: A Market Snapshot - Security - IT Channel News by CRN RSA Conference: Tim Mather: Experienced Security: SIEM in the Cloud Security Information and Event Management (SIEM) - McAfee Products NetIQ Security Manager has solid SIEM foundation - Network World ArcSight SIEM Is the Most Deployed Enterprise Security Management ... Security Information and Event Management (SIEM) - RSA Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT)\ security. The acronym is pronounced "sim" with a silent e. What is security information and event management (SIEM ... )

SKYPE Security Issues

Skype does NOT encrypt ANY data it sends. Skype for Android Security Flaw: What You Need to Know A Look at Skype's Unresolved Security Issues Skype File URI Code Execution Vulnerability Windows Patch Caused Crash, Skype Says

SMART PHONES (all) - Vulerablities

Survey: 54 Percent Of Organizations Plan To Add Smartphone Antivirus in 2010

SMiShing - SMS Phishing

SMS Phishing is called SMiShing. There is some SMiShing going on - text msg sends you to a BAD web site Phishers Cast a Mobile Net (via cell phones) - SMS Phishing (SMiShing)

SNMP

SNMPv3 Authentication Bypass Vulnerability

SPEAR-PHISHING

A variation on phishing that targets employees at specific organizations. Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property - Darkreading Spear-Phishing on the rise

SPIM - SPAM In Instant Messenger

SEE ALSO: Instant Messenger

SPOOFING

Making an email's address and header information apear to come from someone other than the real sender. Spoofing is often used for some fraudulent purpose. Criminals often spoof real websites. Spoofers often send SPAM emails, These days, more and more web sites (think Banks, Credit Unions, Social Security) are being spoofed. Some of thse spoofs are so good, users can not tell that they are fake, just by looking at them. E-mail spoofing - Wikipedia How to recognize spoofed Web sites To help avoid spoofing problems: 1] Browse with a secure web browser that alerts you to known spoofed URLs I use Firefox with: [A] NoScript addon for Firefox and [B] Norton's Phishing indicator (built-in) and McAfee's SiteAdvisor and [C] WOT (Web-Of-Trust) version 20110704.

SPYWARE

See also Adware (Click here). Spyware's intentions are either to: 1] Steal valuable information, that may cost you a lot of money: A] Key-Loggers / Jackers / Jacking How to FOOL Keyloggers B Identity Theft C Root-Kits D There are too many types to list here. Please go HERE for more information. OR 2] The older type - which tracks where you go and what you do, to attempt to target you with ads more suited to your tastes - I call this ADWARE. I Currently (9/24/2011) use ONLY Norton's 360 Version 5 to combat Spyware. If I suspect that I have problems, I run additional, one-time scans, using other Malware removers. YOU NEED TO ACTUALLY BUY A NEW VERSION EACH YEAR (NOT just the updates), as the program's functionilty gets better each year, and you'll only get that with a new version of the actual PROGRAM (Norton's 360 security suite). I no longer run the (good) Webroot Spy Sweeper, as I got tired of programs fighting each other (reporting other anti-malware programs as actual malware. This way, Norton's 360 does everything, and does not conflict with anything. I was using Webroot's Spy Sweeper to fight Spyware. Today's Top Spyware & Security Stories - PC World SpywareGuide Greynets Database Ad-Aware Free - anti-Spyware

SQL Injection

SQL injection - Wikipedia SQL Injection Attacks by Example SQL Injection - OWASP SecuriTeam - SQL Injection Walkthrough SQL Injection Cheat Sheet SQL Injection - Microsoft SQL Injection - Use a SQL Injection Scanner to Fix It There are two commonly known methods of SQL injection SQL Injection Attacks - Are You Safe? [ASP & .NET Tutorials] Video results for sql injection Application Security Exploit, SQL Injection - video PREVENTING SQL INJECTION ATTACKS: How to find and stop automated SQL injection attacks CodeProject: SQL Injection Attacks and Some Tips on How to Prevent 4GuysFromRolla.com - Protecting Yourself from SQL Injection Attacks Preventing SQL Injection Attacks Prevent SQL Injection Attacks Prevent SQL injection by hardening code Prevent SQL Injection in Php (OWASP Tutorial) | Blank89 ... How To: Protect From SQL Injection in ASP.NET New tools to prevent SQL injection attacks - Tales from the Evil ... Preventing SQL Injection with MySQL and PHP How to Prevent SQL Injection Storm Attacks - Courtesy of Microsof Preventing SQL injection Attacks on your Joomla Websites

SYMBIAN

Most mobile malware has been written largely for Symbian Series 60 devices. Recently J2EE malware was detected. For more Symbian information, Click Here.

TERRORISM, anti-, Links

US-CERT - aggregate available cyber security information

THUNDERBIRD (Mozilla's free eMail program)

I prefer Thunderbird to any Microsoft eMail program, as fewer Hackers target Thunderbird than target Microsoft eMail products. Thunderbird 60.9.0 is out If you update to Thunderbird 3.1.x, from 2.x.x.x, you may find, as I did, that you can no longer send emails, because Thunderbird complains about at Security problem with your SMTP server. The Work-around for this problem is discribed in this FAQ: Unable to authenticate to SMTP server If you have other issues, please check FAQ Upgrading Thunderbird 2 to 3 (FAQ)

TROJAN INFORMATION - CLICK HERE

USB Security Issues and Solutions

Secure USB Drives Not So Secure And in a recent PC World article (too new to be online), USB Vendors recall Encrypted USB thumb drives - not so secure (PC Magazine article by Robert Vamosi): Kingston recalled three of it's models: DataTraveler Blackbox, DataTraveler Secure-Privacy Edition & DataTraveler Elite-Privacy Edition. Verbatim said it's 1GB, 2GB 4GB & 8GB Corporate Secure FIPS Edition USB drives are vulnerable without a firmware update. Sandisk said that it's 1GB, 2GB 4GB & 8GB versions of its Cruzer Enterprise CZ22, CZ32, CZ38 and CZ46 drives were effected and required a FW download. Ironkey WAS NOT EFFECTED - it's passwords are stored in the hardware. Enterprise Data Taken To The Cleaners - Literally "Secure" flash drive vulnerability discovered, exposing sensitive data Viruses Attacking USB Devices GFI EndPointSecurity - Help Prevent data theft and virus infection via USB

Vibrant Media MALWARE (usually on Linux / Unix)

Vibrant Media produces what they call Vibrant -in-text Advertising. I call it MALWARE. It alters your Browser's Home page to: 1] Go to Your usual broswer home page 2] Open three more browser tabs pointing to their ADs. While this problem was more prevelant in 2004/2005, one of my work Linux hosts was recently (April, 2010) sucessfully attacked. On of my Redhat Enterprise 5.5 systems, running anti-malware, was attacked and altered. I first looked for evidence of more difficult attacks, before realizing that it was my Firefox Browser's shortcut (the ICON used to invoke FireFox) that had been altered; The attack changed my Home page to this format: "http://www.woodsmall.com/\http://www-first-link-to-their-site\http://www-second-link-to-their-site" I had been searching for some tehcnical information. Unfortuately, I do not know which URL made this Malware change to my Linux System. Vibrantmedia.com - Website Ownership Information: Site Information Domain: vibrantmedia.com Content Language: EN IP Address(es): 62.32.97.9 Server Location: United Kingdom Title: Vibrant - The Leaders of Contextual Video and In-Text Solutions Description: Vibrant is a world leader in contextual technology, aligning billions of words across the internet with relevant video, information, tools, and advertising. With over 4,000 premium publishers, reaching more than 135 million unique users per month (comScore No Publisher Id string found for vibrantmedia.com. Lookup: Adsense Id, Google Analytics Code Last retrieved 76 days ago. Similar Sites www.myadmarket.com www.ixnp.com www.snap.com www.dedicatednetworks.com www.ad2go.com www.epilot.com www.gen2media.com www.xapads.com www.newspapersoc.org.uk www.adonnetwork.com www.mygeek.com www.clicksor.cn www.clicksector.com www.clicksor.net www.clicksor.com

VIRTUALIZATION Security Issues

Tips for protecting data on VMware virtual machines Secure Virtualization: Much Ado About Next To Nothing Virtual Worlds - Emerging Security Threat #8 - Jim Raposa Virtualization - Emerging Security Threat #9 - Jim Raposa Secure Virtualization: Achieve and Maintain IT Security in Virtual Environments Virtualization Security Products (I don't know them): RSA (part of EMC) McAfee - enterprise - Secure Virtualization CLICK HERE for more information about VIRTUALIZATION

VIRUS INFORMATION - Complete - CLICK HERE

VISHING

Internet Con artists are switching to the Telephone to con people. Vishing Joins Phishing as Security Threat Security Fix - Brian Krebs on Computer and Internet Security ... Cyber-criminals switch to VoIP 'vishing' - vnunet.com

VISTA SECURITY

File-Sharing Vulnerability Hits Vista - 9/25/2009 SP1 is OUT - GO GET IT. New techniques hide PDF malware - Microsoft Windows Vista ... - Apr 29, 2008 Windows VISTA May corrupt iPODS, apple warns Apple: Vista May Corrupt iPods - Software - IT Channel News by CRN ... Vista's Safely Remove Hardware feature & Windows Explorer Eject may corrupt iPods VBootkit - 0wning Vista from the boot\ Notes on Vista forensics Program Names govern admin rights in Vista Vista and Malware - PC Mag Can a Rootkit Be Certified for Vista? Microsoft: UAC Can Be Hijacked by Social Engineering Learn about Vista's changes to user security See also Windows VISTA Information See also Windows VISTA DRM Information See also DRM Information

VML and other Markup Languages

VML vulernability - MS fix is out - can be infected just by viewing a Web page Security Watch: VML Bug Imperils IE Users

Watering Hole Attack

A watering hole attack is where hackers slip malicious code into a legitimate site. watering hole attacks are one of the biggest security threats of 2014 - komando.com

WEB, IP & EMAIL ABUSE - White Papers

The Importance of Vulnerability Management - Whie Paper - BibFix Nine Steps to Enforcing E-mail and Web Acceptable Usage Policies - white paper How Secure Are Your Virtual Servers? Do You Really Know? - whitepaper Tripwire Web Application Security: Too Costly To Ignore - White Paper by Hewlett-Packard Ensuring Web Application Security: Four Best Practices - White Paper by IBM Two Reasons Why You Should Install Messaging Security Software - White Paper

WEB PAGE Security

"Attack Trace" search engine: Is your website being targeted by malware?

WEB Security

LinkScanner - ONLINE - submit URL for immediate safety check AVG LinkScanner 8.5.361 - Review & FREE Download LinkScanner - REVIEW & FREE DOWNLOAD AVG LinkScanner: Browse safely - FileCluster Reviews AVG Link Scanner: Check for potentially harmful links even before ... AVG LinkScanner Helps Avoid "Poison" Web Sites - Network World McAfee's FREE SiteAdvisor - Firefox/IE Plugin checks safety of Links How to limit your personal data in online directories The Ghost In The Browser: Analysis of Web-based Malware - PDF - Usenix Managed Security Monitoring services - Counterpane Sophos security report reveals top threats of 2009

WHITE LISTED URLs (web sites) - Thought Safe to Visit

NOTE - THESE LISTS MAY BE IN ERROR - USE THIS INFORMATION AT YOUR OWN RISK SpamLinks.net dnswl.org - DNS Whitelist SWINOG URIBL whitelist SWINOG DNSRBL whitelist Distributed Checksum Clearinghouse email whitelist Greylisting.Org Whitelisting Spamcheck blacklist domains - surbl.org Mail Provider Postmaster Websites See Also BLACK LISTED WEB SITES (deemed malacious or very intrusive

White Papers on Security

coming soon.

Windows Security Updates from Microsoft

Get & Install the latest Windows security updates. Microsoft's Monthly Windows Security Updates - REQUIRES using Internet Explorer

WINDOWS VULNERABILITY PROBLEMS

Microsoft Warns of New Windows Vulnerability - a flaw in the graphics rendering engine on some versions of Windows "Windows Graphics Rendering Engine in Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. Windows 7 and Windows Server 2008 R2 are NOT impacted by this flaw." Worm Planted in Fake Microsoft Security Update - do NOT respond to EMAILS from "Microsoft" Without a patch, The only way to stop Aurora in IE is to disable JavaScript., OR use FireFox. Microsoft DID issue an emergency patch for Aurora, on 1/21/2009 'Aurora' Exploit Retooled To Bypass Internet Explorer's DEP Security Unpatched Microsoft Bugs Raise Red Flags - September 08, 2009 Windows File-Sharing Zero-Day Allows for PC Takeover 9/9/2009 Microsoft FINALLY fixing ActiveX bug - Tuesday 7/14/2009

WIRELESS Security

Please click here for information about Wireless Security

WORD, .DOC files & WORDPAD ATTACKS

Microsoft suggests running WORD (w/computer booted up) in Safe_Mode (yeah, right). 'Critical' Microsoft Office hack uses fake Word documents to install malware - 4/11/2017 Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability Office .DOC Problems - yet another zero-day attack Unofficial Registry Script Blunts MS Word Zero-Day Attack

x64_AMD (EM64T) 64-Bit Protection

ZoneAlarm 64-Bit Available in Special Preview Beta

Xen VULNERABILITIES

Adventures with a certain Xen vulnerability (Oct 2008) - PDF - invisiblethingslab.com Xen 0wning Trilogy: 1. Subverting the Xen Hypervisor - PDF - invisiblethingslab.com 2. Detecting & Preventing the Xen Hypervisor Subversions - PDF 3. Bluepilling the Xen Hypervisor - PDF

XML Security Issues

Windows Faces Zero Day MHTML Vulnerability

WORM INFORMATION - CLICK HERE

XP SECURITY

Manage Your Computer's XP Security Settings in One Place with ... Understanding Windows Firewall in Windows XP Service Pack 2 - Microsoft Windows XP: Securing your network

WOT - Web-Of-Trust

WOT shows you website reputation ratings based on real human input by millions of web users. Latest version of WOT is 20110704

Zero-Day Attacks

Attackers Employed IE Zero-Day Against Google, Others - 1/14/2010 Microsoft Closes PowerPoint Zero-day Hole - May 12, 2009 The Zero-Day Attack Microsoft Confirms Excel Zero-Day Attack Under Way Zero-Day Exploits Abound at Legitimate Web Sites Microsoft Rocked by New IE Zero-Day Flaw Warning Microsoft Confirms PowerPoint Zero-Day Attack

BOTS (ZOMBIES) - Armies of (Ro)BOTS (Botnets) - INFORMATION

One of the fastest growing Windows computer threats are armies of "Bots" (robots), also called "Zombies". Many people make money by selling software to create these Bots. Bots are usually sent to infect your computer by being distributed in Email attachments, often appearing to be from people you know. There are over a 100 known kits to create bots, for sale (5/2006). Once on your computer, these Bots take over control of your computer and use it to capture fiancial data and your account user names and passwords. These information is often sent, encrypted, back to the criminals for their use. The bots then use your computer to mount attacks on other computers. Monitor Botnet Threats Your Antivirus Can't See - free security tool - BotHunter 6 things you should know about botnet attacks - GCN Invasion of the botnets: Cyberattacks on the rise The First Linux Botnet Botnet threats and countermeasures RUBotted - a free program to find Out if Your PC is Part of a Botnet There are few really good defenses against Bots except for the usual: Symantec has released Norton's ANTIBOT, which I AM using. Anti-Bot is apparently now bundled into Norton's 350 and apparently no longer sold as a separate Utility. Antibot was well-rated by PC Magazine. Here are the usual methods of avoiding BOTs: 1] Never open email attachments, even from people that you know, with out first checking with that person to ensure that they really sent you this particular attachment. I use a pre-designated codeword to let others know that the email is really from me. (you and your email correspondants agree on a particular codeword, for example "PACKRAT" - then you always include the codeword PACKRAT in the Subject line of your Email. Put the codeword close to the beginning of the Subject line, so that is easily viewable in the short display area of your email program. 2] Of course, you are running a hardware Firewall (I hope), but also run a software firewall, such as the free ZoneAlarm. The hardware firewall helps screen out incoming Malware, but one of the duties of the software Firewall is to prevent these Zombies from sending your data OUT of your computer. Click here for more information about Firewalls. NOTE that the Windows XP Firewall can NOT prevent keyloggers from sending your data OUT to criminals, but ZoneAlarm can prevent programs from sending outgoing data. 3] Consider using an email program other than Microsoft's, as most Malware targets Microsoft's software. I use Mozilla's Thunderbird for Email. Spotlight On Bots: The World's Most Un-Wanted Bots - Symantec 1] Denial of Service Bot, aka "DoS Bot" 2] Extortion Bot, aka "Bling Bot" 3] Identity Theft Bot, aka "Bot Simpson" 4] Spambot, aka "Spam-a-bot," "Canned Spam" 5] Fraud Bot, aka "Phishing Bot," "Bot Water" Botnet Floods Major Websites With Fake SSL Connections More Researchers Going On The Offensive To Kill Botnets

BOTS (ZOMBIES) - RECENTLY SPOTTED

BREDOLAB BOT/TROJAN - Still around - 5/28/2011 Pushdo/Cutwail Spambot - A Little Known BIG Problem - 11/13/2009 Mac Threat Alert - first Mac OSX botnet, aka MacBot or iBotnet The First Linux Botnet PC MAG review: Norton's ANTIBOT Norton Anti-BOT - Bots and Botnets - A Growing Threat When Bots Attack! - The scariest threat today is lurking right in your browser Over 1 Million Potential Victims of Botnet Cyber Crime - FBI Cybercrime Information Symantec Bats Botnets with New Tool Internet bot - Wikipedia, the free encyclopedia Bots & Cybercrime - Symantec All About Bots. Trojans And Worms! Botnet - wikipedia Understanding Hidden Threats: Rootkits and Botnets - US-CERT Honeynet.org - Tracking Botnets free Swat It detects/removes over 4000 malware programs (I don't know them) Stop the bots Stop the bots | The Register

ZoneAlarm

Latest Microsoft XP updates (July 8, 2008) seem to have killed ZoneAlarm Pro. I have had to de-activate ZoneAlarm Pro in-order-to get any Internet access. NOW THERE IS A FIX FOR THE ABOVE PROBLEM - Installation of Microsoft Update KB951748 (7/8/08) may result in loss of Internet connectivity. I quit following/using ZoneAlarm many years ago - strictly Norton 360 now. Zone Alarm Pro Version 7.0.483.000 has been released Get Check Point's FREE ZoneAlarm to protect your PC from Intruders ZoneAlarm Tips
ZoneAlarm 5.5 Review - PCworld

FREE Virus Checkers

I don't know anything about these free virus checkers

Free online ActiveScan 2.0 antivirus - requires ActiveX - Panda Security a-squared Web Malware Scanner McAfee Avert Stinger Free Virus Scan: Use ESET's Online Antivirus Scanner Trend Micro - Housecall - requires ActiveX Download Malicious Software Removal Tool - Microsoft Families Cleaned by the Malicious Software Removal Tool Bit Defender - turn off any pop-up blockers Computer Associates - requires use of Internet Explorer? Trend Micro - Free Tools and Services Online special removers Jotti's malware scan - free, online - scans uploaded files - Javascript required Free Antivirus - PCmag Need Anti-virus Software? Try One of These - (Alwil's Avast & Grisoft's AVG Freebyte's Guide to Free Anti-Virus Software AntiVir PE - anti-virus scanner - Freeware Free avast! 4 Home Edition FREE ANTIVIRUS - PCmag says these two lack Real-Time Scanning: BitDefender 8 Free Edition ClamWin Free Antivirus 0.86.2

Free, single file (upload it) Virus Checkers

JOTTI checks a single, uploaded file with 15 Virus Checkers: Jotti - scans an uploaded file with 15 virus checkers (free) See also ON-LINE Virus Checkers

OTHER RESOURCES - Caveat Emptor

The Rainbow Books - NCSN www.malwarehelp.org - Malware Removal Tools Dark Reading - Security Information Dark Reading - Security Services Spyware and Adware - infosyssec.com Secure Root Securians: FAQ - Wiki - a small group by a passion for Information Security Best Computer Security Sites - gizmo.richards Invisible Things Lab focuses on cutting-edge research in computer system security Computers - Security - qjmail.com Published Scoops - governmentsecurity.org Security - Linux / MAC X / Windows - simplehelp.net Downloads - filecluster.com Computer Security Sites - Gizmos's Freeware/techsupportalert.com Top 9 Security Extensions for Firefox BUBL LINK: Computer security Computer Security - dedicated to freely distributing ways of preventing computer intrusion Spyware and Adware - directopedia.org Security and Encryption < Computers and Internet - Yahoo Schneier on (CVomputer) Security Laptop Computer Tracking Software - IT Asset Management & Security 10 part Computer Security 101 Course Security, Programming, Geeky Links - Ross Anderson Security Engineering - The Book (free, online) Security - U of Cambridge - select: Projects, Publications,... Security Fix - Brian Krebs on Computer and Internet Security ... History of Computer Security Black Hat Security Conference Archives Read & follow PCworld's 10-step PC Security suggestions Internet Storm Center - SANS dot ORG "Spyware and Adware" - computer-directory SecurityTracker Computer Security Institute NIST Computer Security Division's CSRC Home page Malicious Software - glopedia.com Internet / Network Security - About.com Security Portal for Information System Security Professionals - Infosyssec F-Secure Security Information Center computer security check Spyware Nation AntiOnline - AO - community of security, network and computer professionals, ICSA Labs - independent organization offering computer security views/opinions Computer, Internet and information security: news, help, advice ... PC Security Post Resources to help you keep your computer secure - Myofb Personal Computer Security howtos and tutorials - geeks RSA - The Security Division of EMC Computer Security - CSOsearch Spyware Survival Guide Computer Security News - best-computer-exposed.info Wilders Security Forums Computer Security Site dot com Linux Security dot com Spyware and Adware - Security Roadmap Security Worm - software & books NIST Computer Security Special Publications CERIAS - COAST Homepage nsecure.Org - Nmap Free Security Scanner, Tools & Hacking resources Top 100 Security Tools NewOrder - computer security and networking portal Russian Business Network (RBN) theitsecurityguy blog GOOD, BUT DANGEROUS MALWARE WEB SITE - ONLY FOR MALWARE PROFESSIONALS THIS SITE DEALS WITH LIVE MALWARE - YOU NEED TO KNOW WHAT YOU ARE DOING: http://www.malwareinfo.org/

Apache Security Problems

Apache HTTP Server Vulnerability Lists Apache Web Server Under Stealth Attack - 5/4/2011

iPhone (Apple's)

More Than 225,000 Apple iPhone Accounts Hacked Some iPhones locked for RANSOM, Some credit details shared to allow anyone to use YOUR account. Siri will let anyone into your phone - komando.com Seven different ways anybody can get into your iPhone in seconds - komando.com A new, different Apple security flaw discovered KIM'S important security updates about the major security bug found in Apple gadgets. Simple hack lets thieves turn off Find My iPhone - Komando.com iPhone apps send more data with outside companies than Android apps do New worm creates botnet out of jailbroken iPhones (informally called "Duh" or "Ikee.B") Another iPhone worm - and this time it's malicious Hacked iPhones held hostage for 5 Euros World's first ever iPhone worm, ikee, discovered in the wild The iPhone may be immune to existing variants of crimeware. The iPhone is only capable of running one task at a time - therefore Malware can not run in the background. using SMS to attack Apple's iPhone and Google Android SMS vulnerability on iPhone - 7/5/2009 iPhone OS 3.0 brings 46 security patches - 6/18/2009 6 Major Flaws in iPhone. Will Consumers Still Spend the Money? - June 2009 iPhone Flaws - Cut & Paste Coming Soon See also: WORMS, RECENT ATTACKS

APPLE / MAC / OS X / Snow Leopard / iPOD and QuickTime

NCSU researcher discovers serious vulnerabilities in Apple iPhones, iPads Apple patches triple iOS security threat Apple loses patent ruling in China, but order to halt sales of two iPhone models is put on hold Uninstall QuickTime for Windows because Apple won't patch zero day flaws - 4/22/2016 How can the Siri attack, 'iStegSiri,' be mitigated? - Apple's Siri A photo of your finger can bypass Apple Touch ID Apple has blocked the infected apps so they won't run on a Mac or iOS. This will stop the attack temporarily Horrible virus attacks iPads and iPhones - ALERT Hackers hijack a top Internet site to take over your APPLE [MAC] COMPUTER computer - Mac.Backdoor.iWorm virus APPLE RELEASES VITAL SECURITY PATCH FOR MACS - Update All Apple Devices Immediately A new, different Apple security flaw discovered KIM'S important security updates about the major security bug found in Apple gadgets Flashback malware exposes big gaps in Apple security response Mac Flashback Trojan: Find Out If You're One of the 600,000 Infected - 4/2012 An Escalation in the Mobile Zombie Cookie Wars UI Spoofing Safari on the iPhone Insecure Handling of URL Schemes in Apple's iOS QuickTime was updated to version 7.7.3.0 - 1/5/2013 iOS 4 Lock Screen Security Flaw Grants Access to Contacts New Java trojan attacks Mac OS X via social networking sites... QuickTime version 7.7.2.0 was released on 10/01/2010 Will Apple's Safari Fall First in Hacking Contest ... Again? Scammers Hop on iPad Bandwagon Mac shoot-em-up arcade game called "Lose/Lose" DELETES your files Flood of BOGUS (Malware)Codecs for MACs are very abundant. Apple Working On Fix for Snow Leopard Bug Snow Leopard Bug Deletes All User Data How good is Snow Leopard's built-in anti-virus protection? Apple ships a known vulnerable version of Flash with Snow Leopard - Downgrades Adobe Flash Snow Leopard downgrades security and misses opportunity to improve Guest blog: Sophos Anti-Virus supports Snow Leopard Boobytrapped images pose threat to Apple users Two New OS X Attacks Bite Apple - 6/17/2009 Tored email worm rears its head on Mac OS X Mac Threat Alert - first Mac OSX botnet, aka MacBot or iBotnet Mac OS X CoreGraphics PDF Type1 Font Integer Overflow Vulnerability Apple Macintoshes Targeted by Porn-Based Computer Virus Back To My Mac - What Could Possibly Go Wrong... Go Wrong... What is Leopard Sandboxing? More Leopard Security Security Firm: Don't Use iPhone Web Dialer iTunes is now at version 7.3.1 ?? (I don't use it, so I don't really know what's the latest) Apple Shuts Down IPv6 Security Hole Windows VISTA May corrupt iPODS, apple warns Apple: Vista May Corrupt iPods - Software - IT Channel News by CRN ... Vista's Safely Remove Hardware feature & Windows Explorer Eject may corrupt iPods Mac Hacked Via Safari Browser iPod Virus - Well, no, not really DRM hacker has cracked Apple's iPod protection Virus wormed into Apple video iPods - October, 2006 Pod slurping - the mounting threat to your network Mac Malware: Slow but Steady Evolution Mac OS X Security - January 2007 More Mac Bugs Through This Month Apple security updates Apple - Support - Product Security The first flaw in the Apple bug-a-day project is an easy-to-exploit QuickTime issue Exploit Code Published for Apple OS X Glitch Apple: Beware of Rigged QuickTime Movies - Upgrade to QuickTime 7.7.2.0 Apple has released an update to the firmware for their Intel-based Macs DRM hacker has cracked Apple's iPod protection Defective By Design Org is protesting Apple's DRM strategies Apple Ships Patch for MacBook Wi-Fi Hack

Programming Language Vulnerabilities

AJAX Vulnerabilities | C# Vulnerabilities | PYTHON Vulnerabilities | RAILS Vulnerabilities | RUBY Vulnerabilities | TOP of this Complete Computer Security Web Page INDEX of this Complete Computer Security Web Page

OTHER INFORMATION

Search Engine Submission - AddMe Increase Page Rank I created these websites ONLY to provide free information to help other people. I am NOT a business of any kind, and make NO money providing this information. I AM NOT RESPONSIBLE FOR PROBLEMS, INCLUDING ERRORS. I apologize, but I am not able to help with your problems Please try HERE to find sites that may be able to Help you There is NOTHING for sale here - Feel free to link to any of my web pages I AM NOT RESPONSIBLE FOR ANY PROBLEMS, INCLUDING ERRORS