Wednesday, January 28, 2004

Wired News: MyDoom Spawns More Potent Variant


This one is scheduled to bombard the Microsoft website in a Denial of Service attack.



Infected? MyDoom removal


F-Secure Computer Virus Information Pages: Mydoom offers removal instructions for the MyDoom virus.


Manual Disinfection


Getting rid of the virus on your system is not very difficult. There are plenty of links on the page above for automatic removal, but to remove it manually follow these steps precisely:


1. Delete these registry values and reboot the computer:


[HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon]


[HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32]


2. Delete the worm from the Windows system directory (usually /windows/system):


%SysDir%\taskmon.exe


and its backdoor component from:


%SysDir%\shimgapi.dll


The virus will now be deactivated. The harm it has already done may not be undone, and, as with most viruses, it is essential to remove it from ALL machines before restarting your network. The latest news is that it also affects the Kazaa file sharing system - widely (and illegally) used for music sharing - and that may pose a problem of reinfection.
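To confirm a machine is clean after these steps, or to triage the other machines on the network, here is an added read-only audit in Python that looks for the registry value, the CLSID entry and the two files listed above. It is not F-Secure's tool or anything from this page; it assumes the worm points the InprocServer32 default value at shimgapi.dll and that %SysDir% is %SystemRoot%\System32, and it only reports, leaving removal as the manual step described above.

```python
"""Read-only audit for the Mydoom indicators listed in the steps above.
Added example, not F-Secure's tool: it only reports, removal stays manual.
Assumptions: the worm points the CLSID's InprocServer32 default value at
shimgapi.dll, and %SysDir% is %SystemRoot%\\System32 (not Windows 9x's System)."""
import os

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"  # under HKLM
RUN_VALUE = "TaskMon"
CLSID_KEY = r"CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32"  # under HKCR
WORM_FILES = ("taskmon.exe", "shimgapi.dll")

def audit(run_values, clsid_default, sysdir_listing):
    """Pure check over already-collected data, so it can be exercised off-box.
    run_values: {value name: data} from HKLM\\...\\Run; clsid_default: default
    data of the InprocServer32 key, or None; sysdir_listing: names in %SysDir%.
    Returns the matched indicators; an empty list means none were seen."""
    findings = []
    for name, data in run_values.items():
        if name.lower() == RUN_VALUE.lower():
            findings.append(f"HKLM\\{RUN_KEY}\\{name} = {data}")
    if clsid_default and "shimgapi" in clsid_default.lower():
        findings.append(f"HKCR\\{CLSID_KEY} -> {clsid_default}")
    present = {f.lower() for f in sysdir_listing}
    findings.extend(f"%SysDir%\\{f}" for f in WORM_FILES if f in present)
    return findings

def collect_live():
    """Gather the three inputs from a running Windows host (winreg is Windows-only)."""
    import winreg
    run_values, i = {}, 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:  # no more values under Run
                break
            run_values[name], i = data, i + 1
    try:
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, CLSID_KEY) as key:
            clsid_default = winreg.QueryValueEx(key, "")[0]
    except OSError:  # key absent, so this persistence path is not in use
        clsid_default = None
    sysdir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    return run_values, clsid_default, os.listdir(sysdir)

if __name__ == "__main__" and os.name == "nt":
    print("\n".join(audit(*collect_live()) or ["no Mydoom indicators found"]))
```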


Head in the Sand


Once you have got rid of the virus, be alert for a repeat performance. Tighten up the firewall on your net connections and eradicate any Kazaa activity (except on isolated PCs). Include a re-install of Windows in your contingency planning. Your IT department should set up a series of "clean machines" ready to move into the place of infected machines, which must be taken off the network immediately.


Do not leave it until another hour is up. Any of our (Auckland) customers wanting assistance should contact us right away.


Closing Ports


Network administrators should also close off TCP ports 3127 to 3198 at the firewall until 12 February 2004.


Peer to Peer danger


The virus infects the Kazaa network. It installs itself in the Kazaa folder under one of these names:



  • winamp5
  • icq2004-final
  • activation_crack
  • strip-girl-2.0bdcom_patches
  • rootkitXP
  • office_crack
  • nuke2004


Email titles


The emails sent by this virus have so far been given these subject lines:


  • test
  • hi
  • hello
  • Mail Delivery System
  • Mail Transaction Failed
  • Server Report
  • Status
  • Error


Therefore, any email you receive until February 12th with one of these subject lines should NOT be opened on a Windows machine. We advise using an isolated Linux network for web browsing and email.







Tuesday, January 27, 2004

Virus Alert


"mydoom" spreading across the Windows world

"MyDoom" Appearance

F-Secure Corp. in Finland estimated that 200,000 to 300,000 computers had been hit worldwide (so far). They give it a "Radar" rating of 1, meaning "Highest level alert. Worldwide epidemic of a serious new virus."

The worm infects Microsoft Windows. It arrives as an attachment to an email that claims to be a system operational file, probably described with jargon.

Mydoom does not attempt to trick victims by promising nude pictures of celebrities or mimicking personal notes.

Instead, one of its messages reads: "The message contains Unicode characters and has been sent as a binary attachment."

Any email with attachments is suspicious. Only ever open an email attachment if you know what you are receiving, that is, if you have arranged for someone to send you something.
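As an added example, not from the original post, here is a Python gateway filter in the spirit of the advice above: it flags the subject lines listed in the 28 January post, the lure sentence quoted in this post, and any attachment, and the 12 February expiry of the subject rule is the one the page gives. The sample message is constructed, not a real capture.

```python
"""Gateway check for the subject lines listed in the 28 January post above and the
lure sentence quoted in this post. Added example, not from the original page; the
message below is constructed, and the 12 February cut-off for the subject rule
comes from the text."""
import email
from datetime import date
from email import policy

WATCHED_SUBJECTS = {"test", "hi", "hello", "mail delivery system",
                    "mail transaction failed", "server report", "status", "error"}
LURE_TEXT = "the message contains unicode characters and has been sent as a binary attachment"
SUBJECT_RULE_EXPIRES = date(2004, 2, 12)

def classify(raw_message, today):
    """Return (verdict, reasons): 'quarantine' when an indicator and an attachment
    appear together, 'warn' for either alone (any attachment is suspect), else 'pass'."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []
    subject = str(msg["subject"] or "").strip().lower()
    if today <= SUBJECT_RULE_EXPIRES and subject in WATCHED_SUBJECTS:
        reasons.append(f"subject {subject!r} is on the watch list")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and LURE_TEXT in body.get_content().lower():
        reasons.append("body carries the Mydoom lure sentence")
    attachments = [p.get_filename() for p in msg.iter_attachments()]
    if attachments:
        reasons.append(f"has attachment(s) {attachments}")
    verdict = "quarantine" if attachments and len(reasons) > 1 else "warn" if reasons else "pass"
    return verdict, reasons

# Constructed sample shaped like the mails this page describes (not a real capture).
SAMPLE = """\
From: postmaster@example.test
Subject: Mail Transaction Failed
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The message contains Unicode characters and has been sent as a binary attachment.
--b1
Content-Type: application/octet-stream; name="message.zip"
Content-Disposition: attachment; filename="message.zip"

--b1--
"""

if __name__ == "__main__":
    print(classify(SAMPLE, date(2004, 1, 28)))
```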

Each time you open your computer to the world it is open to attack. If the operating system provides unclear messages or does not speak English, you are doomed by a barrage of complexity: the MyDoom virus takes advantage of the deafness to error messages that develops from using an operating system that too often exposes the user to cryptic details meant for technical developers.

There are two things that are stupid on the internet.

You can protect yourself, but the bugs are working hard on finding a way through defences. The best defence is behavioural.

Do not believe the claims made in email. Implement a secure email system.

Use Mac OSX or Linux to access the Internet.

Saturday, January 24, 2004


Infallible Security


Is there such a thing as infallible security on the internet? Not according to the US military, who designed the internet as a digital free-for-all so they could catch commies? Probably. But are they correct to suddenly conclude that the internet is inherently unsafe, or is this nonsense?


Cars are inherently unsafe, and yet we drive them. Voting fraud may be achieved in all sorts of ways but the simple vision of a lone hacker swinging the US presidential election is just fiction.


For a start, it is easy enough to design a proprietary double-key two-way checking algorithm using simple mathematical techniques that creates huge self-checking numbers, and by weaving that into identification information and the time, a computer program can "lock" information to its source.


But IP addresses can be spoofed, so how can you track fraud? You do not track fraud. You design the system so that fraud is ineffective.


But any complexity in the system, and nobody is going to use it. It has to be a touch screen idiot box that simply photographs your thumbprint and face, turns the thumbprint into a random number and secures your identification with that. Every vote can be proven and strongly encrypted on secure channels that are also encrypted. If there is a false vote, there is a data trail and it can be prosecuted. There is no need to transmit any of the original data that can be stored in an encrypted form.


The difficulty is to provide the identity check at the internet terminal. Entering your driver's licence is just harder than walking down to a voting booth and allowing someone to inspect it. But do they do that? No, they just cross your name off a list. How do they know the list is not full of dummy names?


How is that more secure than a data trail?


Sunday, January 18, 2004


Search Engine Optimisation


What do you hope to achieve? In the sea of search engines that users use to find sites, you hope to come up on the first page for certain important search terms, or combinations of words.


So how do you bubble up to the top? By concentrating on the right words and concepts and making your primary webpage relevant to those terms.


Links


Not recommended services, but examples of how people charge for search engine optimisation.