January 2008 Archives

Good article from January 29, 2008. I have the opening piece and then the pullout tips from Page 2 below. The watch for garbled text in the Google snippet is something that I plan to look for now.

link: How to use Google and stay safe

How to use Google and stay safe

Booby trapped sites need careful handling - and there are loads of them out there.

“Beginning on November 24 and continuing for less than a week, bad guys loaded up more than 40,000 Web pages with malicious software and thousands of common search terms. They then employed an automated network of malware-infected botnet computers to link to those sites in blog-comment spam and other places…”

How to search safely

"Though this attack was crafty and effective, security experts say there's no need to stop using Google, as long as you take some precautions. Most important: Keep your software patched and up-to-date. The attack sites used a programming kit called the "404 exploit framework," which hits known software vulnerabilities, says Roger Thompson, president of security software maker Exploit Prevention Labs.

You can close most of the targeted holes by enabling the automatic-update features for Microsoft Windows, Mozilla Firefox, Apple QuickTime, and other critical software, but you should also update to the latest version of WinZip, a targeted program that doesn't have an auto-update feature.

And don't let your guard down just because your software is current. Attack sites will often employ social-engineering tricks when they can't worm into your PC through software holes. On its blog, Sunbelt provides an image of a common attack pop-up that attempts to trick you into installing a fake video codec that then tries to exploit a vulnerable PC. Your sharp eye can also catch many of these bogus results before you click. Watch for seemingly garbled text such as "vpn passthrough sting maphack light Motorola" in the text snippet shown for each search result. If the listing is for an oddly named page such as "leuwusxrijke.cn/769.html," it could very well be a land mine.

This site http://www.utipu.com/ allows you to show folks how to do tasks on your computer. Sign up is free. With just a few clicks their software, TipCam, records a video of your screen and posts it for sharing. Downside is that the video is on the UTipU server but you can put a link from your Website to your video.

Look over some samples here.

http://www.utipu.com/app/categories

Sample training clip: http://www.utipu.com/app/tip/id/598/

Here is a sample from me as well called Set Outlook Contact's as Primary Address Book.

http://www.utipu.com/app/invited/id/8463a3753d0744f4922354ed8767ccca

Symantec is warning of a "man-in-the-middle" attack. It's made the main stream news see the pull out quotes below from this article: Symantec issues `Silentbanker’ virus warning

Here are the Symantec pages on the virus.

http://www.symantec.com/enterprise/security_response/weblog/2008/01/banking_in_silence.html

http://www.symantec.com/security_response/writeup.jsp?docid=2007-121718-1009-99

According to Symantec, if you have Windows updated and SAV updated, the computer is protected from getting the infection, so College staff should be in the clear.....

------------------------------

“In what is being billed as one of the most sophisticated cyber attacks to hit the Internet, a virus has been released that gets between computer users and their banking websites, giving thieves free rein to drain accounts and wreak financial havoc on their victims.

Dubbed the "Silentbanker," the virus is a Trojan horse computer users may unknowingly download by simply browsing the Internet. The first sign it's at work may be a bank notification warning their client has been a victim of fraud.

More than 400 banks -- including some in Canada -- have been targeted worldwide by the virus, which operates in many languages, said Symantec, a global security company tracking the progress of the Trojan.”

"Unlike conventional cyber banking frauds -- in which bank clients are steered to a bogus website masquerading as their own institution's online site -- Silentbanker uses the genuine bank website and is able to manipulate the user's account without the client's knowledge.

Payments are steered into a hacker's account, or cleaned out altogether, before transactions can be encrypted.

It can also be used to steal credit card information and passwords.

When a banking client signs on to their banking website, the hacker is a silent third party, remaining completely hidden and making no changes at all to the site the banking client is seeing.

All the functions, from transferring funds to paying bills or checking credit card balances, remain the same and continue to work, thereby giving the user no cause to suspect they've been compromised."

On Saturday, January 12, 2008 4:28 PM I received the following email from Penn State Blogs Pilot [blogs@psu.edu] that said in part:

We are pleased  to announce that the upgrade to Blogs at Penn State  is complete.  Documentation for the new system is at http://blogger.psu.edu/gethelp. Some changes to note

 

1) If you go to http://blogs.psu.edu you will notice two login options in the upper left.

 

* Select "Access Old Blogs from before December 2007"  to login to the old system

* Select "Login to New Blog System" for the new blog system

You will be able to quickly transfer your data between blog platforms  (see "Migration Guide" on http://blogger.psu.edu/gethelp). However you will have to reconfigure your sidebar and select a new style.

My Notes:

1. I was unable to export the text file from my old blog as indicated on Page 7 of the Migration Guide. Since I was using Internet Explorer 7 I would see a File Download - Security Warning for a "mt_cgi" file. Even saving it as a text file would not work along with the steps. Brad Kozlek from the PSU Blogs Pilot (blogs@psu.edu) was able to quickly help me by saving the needed text file for me. Then I could import the data.
2. You need to select your blog to manage it. I was unable to search for terms like Vince Verbeke or keeper. I hadto scroll through the list of PSU blog entries to find mine.  
3. To change the sidebar and the style as indicated in the note, you need to choose Design ... Templates and Design ... Styles choices.
4. Don't rename the "First Widget Manager" to another name. This will cause your Widgets to revert back to a default that is tough to get back. So, leave that name as is, then use the Design ... Widget Sets to remove the unneeded widgets and create your own.