Malware Removal Sites, Software and Thoughts

Filed Under (adware, cybercrime, free software, malware) by chris on Sun, 02-07-2010


Last night I saw a banner ad for a “new” version of Risk. I used to play Risk, the board game, many years ago and thought this looks like fun. So I downloaded and installed it. Within a couple of minutes, ESET NOD32 was blocking downloads from a site I wasn’t at. Next time I went to use Google to search for something, my search results were being redirected. Looks like it installed some malware on my computer. Most likely it’s some sort of XSS cross scripting exploit.

Shipping Virus E-mail

Filed Under (scams, virus) by chris on Thu, 01-28-2010


Just a quick warning about a couple of e-mails that had a virus attachment. They are both pretending to be from U.S. shipping companies.

First we have this one from “UPS”

From: UPS Manager Romeo Law [delivery@ups.com]

Subject:  UPS Delivery Problem NR 08488.

Dear customer!
We failed to deliver the package sent on the 6th of January in time because the recipient’s address is incorrect.
Please print out the invoice copy attached and collect the package at our office.
United Parcel Service of America.


Nmap 5.21 Released and Video Tutorial

Filed Under (free software, hacking, networking, security, software, tutorial, video) by chris on Wed, 01-27-2010


If you follow this blog, you know that I did an article on the first stable release of Nmap http://www.pccybertek.com/2010/01/nmap-5-20-released yesterday. Now that it has been out for a week, Fyodor has already released another update, Nmap 5.21, which is also a stable release and not a beta. It’s mainly just a bug fix release. So I have updated the download section here with a link to the 5.21 release, which is on the right column about 3/4 of the way down the page. My download link is directly to the file on the insecure.org website or you can go to the Nmap download page yourself.

But I don’t want to just tell you about the update, I’d like to offer you some more since you took the time to stop by here. So here is a link to Iron Geek’s Basic Nmap Tutorial video. And if you already know the basics and would like to move on to some more advanced lessons, here is Iron Geek’s Nmap Video Tutorial 2: Port Scan Boogaloo. Happy port knocking.

Adobe Shockwave Player Security Vulnerabilities

Filed Under (adobe, patch, security) by chris on Tue, 01-26-2010


Somehow this one slipped by me because it was published by Adobe on the 19th.

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations to the latest version using the instructions provided above.

This update resolves a buffer overflow vulnerability that could potentially lead to code execution (CVE-2009-4002).

This update resolves multiple integer overflow vulnerabilities that could potentially lead to code execution (CVE-2009-4003).

Download Adobe Shockwave Player version 11.5.6.606 here

You can find out which version you have by going here Test Adobe Shockwave Player

Nmap 5.20 Released

Filed Under (Mac & PC, free software, networking, security) by chris on Tue, 01-26-2010


Fyodor has released Nmap 5.20. This is the first stable release, or non beta release, of Nmap since July 2009. And like usual, it has a lot of nice improvements and upgrades. If I could only have one security tool, Nmap would be it. It’s the first, and sometimes the only, program I run when I want to do any kind of security audit or if I want an inventory of the LAN and which services are running.

Fix or Change the Post Date Format in WordPress

Filed Under (WordPress, fix) by chris on Thu, 01-21-2010


For quite some time, the post date format has not been what I wanted. It was displaying day-month-year (21-1-10). This was confusing some of my readers. I tried to change it in the WordPress dashboard under Settings, but it never made a difference. I searched for a solution and found several people had the same problem but no one actually had a good answer. However, one of the posts referred me to Customizing the Time and Date and while this was just the formatting of the date and time, it did give me a clue of what to look for.

WordPress is written in the programming language PHP. The date formatting functions in WordPress use PHP’s built-in date formatting functions. You can use the table of date format characters on the PHP website as a reference for building date format strings for use in WordPress.

Armed with this information, I went to my WordPress dashboard and clicked on Appearance and then Editor. Then I started going through the Template Theme files. Sure enough, I found <?php the_time('D, m-d-Y') in the Main Index Template (index.php) file. So I went back to the Format page to see what options I had and decided on the day, month-date-year for my format. So I changed <?php the_time('D, m-d-Y') to <?php the_time('D, m-d-Y') and then clicked on update. And as you can see, the dates of my posts, on the main page, now have the post date formatted the way I wanted.

The other place you can change the time and date format is in Single Post (single.php), which I did a little differently than my main page. I decided to go with l, F jS, Y which will look like: Friday, January 22nd, 2010

UPDATE: I found a couple other places that needed to be changed in my theme. So here is a list of the files that I could change my date format in.

Archives (archive.php)

Comments (comment.php)

Main Index Template (index.php)

Single Post (single.php)

Hope this helps. If you have any questions, leave me a comment and I will try to help.

Free Software Pick of the Month – Digsby

Filed Under (download, free software, software) by chris on Sat, 01-09-2010


At one time I was going to make at least one free software recommendation a week. At some point I realized that in order to do this, sooner or later I would either run dry of suggestions, or make suggestions of products I really haven’t thoroughly tested. So I changed my mind and decided to only write about programs I have used for quite some time and really like. One of the first was Miro.

Tonight’s pick is an all-in-one Instant Messenger, E-mail and Social Network client called Digsby. I’ve been running Digsby for around a year and it is really nice. I’ve set it up to connect to my AIM, MSN, Yahoo Chat, Facebook, Myspace, Twitter and all my various e-mail addresses. It sits nicely in my system tray and when I click on it, it pops up a sidebar on the left side of my screen that lists all the services I have it monitoring. If I click on the MSN bar it expands so I can see who is online and if I click on anyone who is online, I’m chatting with them just like I was running MSN. Instead of having to load all those different chat programs, I just run Digsby. Of course there are other programs like this. I used to run Trillian but it felt kinda clunky to me and I haven’t tried the newer version of Trillian which now also supports Twitter and E-mail. However, I see Trillian still offers a pro version which isn’t free so it doesn’t totally fall into my “Free Software” category. Digsby also has several options for notification. Mine is configured so it pops up a little alert window. This is real handy for Twitter. I see the complete tweet and have options to retweet or reply to it. If I click on the notification window it will take me to that tweet’s page and I will already be logged in to Twitter. The same goes for any notification window, by clicking on it. If it’s one of my webmail accounts, I will be logged in and taken to that e-mail, or if it’s a POP mail account, it will launch whatever application you have chosen for your e-mail, such as Outlook.

Another Adobe Acrobat Reader 0-Day Exploit

Filed Under (0day, adobe, malware, patch, security) by chris on Thu, 01-07-2010


Here we go again. This isn’t news hot off the press, but I decided I should post about it here just in case some of you have missed it. There has been another Adobe Acrobat Reader exploit, CVE-2009-4324. Since it was first disclosed back in the middle of December, it has grown even nastier. The Internet Storm Center over at sans.org has a good analysis of one of the current variants.

There are still a couple days before Adobe releases a patch, which will finally be released on Jan 12. Adobe suggests you disable JavaScript support until then. This is not the first time this has happened. What I’m suggesting is that even after this is patched, just keep JavaScript disabled. If you open a PDF file that requires JavaScript support, you could always turn it back on. With so many exploits in the wild, and how long it takes for the anti virus vendors to discover them (this one won’t be fixed for almost a month since it was first disclosed publicly), it’s better safe than sorry. Just disable JavaScript support for good. Here’s how to disable JavaScript support in Adobe Acrobat Reader.

Quoted from Adobe.com:

SOLUTION

Customers using Adobe Reader or Acrobat versions 9.2 or 8.1.7 can utilize the JavaScript Blacklist Framework to prevent this vulnerability. Please refer to the TechNote for more information.

Customers who are not able to utilize the JavaScript Blacklist functionality can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

Customers using Microsoft DEP (“Data Execution Prevention”) functionality available in certain versions of Microsoft Windows are at reduced risk in the following configurations:

All versions of Adobe Reader 9 running on Windows Vista SP1 or Windows 7
Acrobat 9.2 running on Windows Vista SP1 or Windows 7
Acrobat and Adobe Reader 9.2 running on Windows XP SP3
Acrobat and Adobe Reader 8.1.7 running on Windows XP SP3, Windows Vista SP1, or Windows 7
With the DEP mitigation in place, the impact of this exploit has been reduced to a Denial of Service during our testing.

Watch your docs and surf safe

E-Card Virus Warning

Filed Under (malware, virus) by chris on Wed, 12-16-2009


Just got an e-mail that says it’s from e-cards@hallmark.com with the subject: You have received A Hallmark E-Card! It had an attachment called Postcard.zip which was identified by my antivirus. I use NOD32 by ESET.

__________ ESET NOD32 Antivirus warning, version of virus signature database 4693 (20091216) __________

Warning, ESET NOD32 Antivirus found the following threats in the message:

Postcard.zip – probably a variant of Win32/Merond.AA worm – deleted
Postcard.zip > ZIP > document.chm .exe – probably a variant of Win32/Merond.AA worm – was a part of the deleted object

This came from one of my work’s TV affiliate mailing lists. So I am guessing it is one that goes through your address book and sends itself to everyone on there.

Figured this was also a good time to remind people to be careful with any “e-cards” they get. Watch out for infected attachments, as was the case with this one, and watch for links that send you to websites designed to infect you or steal your identity / information.
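The member name in the NOD32 report above, document.chm .exe, hides an executable extension behind a document-looking one. As an added example (not part of the original post), this sketch lists the member names of a ZIP attachment without extracting anything and flags that pattern; the extension sets and the sample archive are constructed assumptions.

```python
import io
import os
import zipfile

# Extensions Windows will execute on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Extensions a recipient reads as a harmless document (illustrative).
DECOY_EXTS = {".chm", ".doc", ".pdf", ".txt", ".jpg", ".htm", ".html"}

def deceptive_extension(name):
    """Return (decoy_ext, real_ext, padding) if name hides an executable
    extension behind a document-looking one, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, last = base.rpartition(".")
    real_ext = "." + last.strip().lower()
    if not dot or real_ext not in EXECUTABLE_EXTS:
        return None
    trimmed = stem.rstrip()               # drop padding before the real extension
    decoy_ext = os.path.splitext(trimmed)[1].lower()
    if decoy_ext not in DECOY_EXTS:
        return None
    return decoy_ext, real_ext, len(stem) - len(trimmed)

def scan_zip(data):
    """Map each suspicious member name in a ZIP (given as bytes) to its finding."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():   # names only; nothing is extracted
            finding = deceptive_extension(name)
            if finding:
                hits[name] = finding
    return hits

def build_sample_zip():
    """Constructed archive with placeholder contents, mirroring the name above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("document.chm .exe", b"placeholder, not a real binary")
        archive.writestr("readme.txt", b"placeholder")
        archive.writestr("setup.exe", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_zip(build_sample_zip()))
```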

Survey Phishing Scams

Filed Under (phishing, scams) by chris on Fri, 12-04-2009


Phishing scams seem to keep on rolling. Recently I have been seeing a lot of them that claim to be survey companies. They aren’t too hard to spot. The e-mail address that they supposedly come from may be a legit survey company. In the body they will ask you to register by filling in all your information like name, address, phone number etc. and send it to an e-mail address that is in the body of the e-mail. This is what makes it so easy to spot. The e-mail address they want you to send your “registration” info to is different than the one listed in the header and usually a variation of it. For example, I got one that said it was from register@surveys.com in the e-mail’s header, yet they wanted you to send your registration information to surveys@gmail.com or @yahoo.com or some other address. If these were legit, they wouldn’t have you register by e-mailing your information to an address that’s different from where it supposedly came from. I don’t think any of them would have you e-mail them your information at all; you would register on a website. So far I have seen 6 variations of this in about a week. I wouldn’t be surprised if they actually set up websites with registration forms next. Just to be safe, I would never send identity related information to anyone no matter what they claim they need it for, unless you expected the e-mail in the first place. Remember, just because an e-mail says it’s from someone, this can be spoofed to say anything.
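The tell described above, a reply address in the body that does not match the From: header, can be checked mechanically. This added example (not part of the original post) parses a message and reports body addresses on a different domain than the sender; the free-mail list, the function names and the sample message are constructed assumptions, with the two addresses taken from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Free webmail domains to call out (illustrative, not exhaustive).
FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "aol.com"}
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def body_text(msg):
    """Concatenate the decoded text parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def mismatched_reply_addresses(raw_message):
    """Return body addresses whose domain differs from the From: domain."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_local, _, sender_domain = sender.rpartition("@")
    brand = sender_domain.split(".")[0]   # "surveys" for surveys.com
    findings, seen = [], set()
    for addr in ADDR_RE.findall(body_text(msg)):
        addr = addr.lower()
        local, _, domain = addr.rpartition("@")
        same_org = domain == sender_domain or domain.endswith("." + sender_domain)
        if same_org or addr in seen:
            continue
        seen.add(addr)
        findings.append({
            "address": addr,
            "freemail": domain in FREEMAIL,
            # local part reuses the sender's name or brand: the "variation" trick
            "lookalike": local in (sender_local, brand),
        })
    return findings

# Constructed sample using the addresses quoted in the post.
SAMPLE = """\
From: Survey Team <register@surveys.com>
Subject: Earn money taking surveys

To register, send your name, address and phone number
to surveys@gmail.com today.
"""

if __name__ == "__main__":
    for finding in mismatched_reply_addresses(SAMPLE):
        print(finding)
```

Since the From: header itself can be spoofed, a match here proves nothing; only a mismatch is informative.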
