Hillpark Computer Specialist

new virus

noreply@blogger.com (Harris) — Wed, 21 Oct 2009 07:14:00 +0000

src=http://anydisk.anyprinting.com/webfolder/index.php
src=http://weihua.ca/_vti_txt/medicalplan.shtml.php
src=http://spielwaren-carl-loebner.de/shop/team.php
src=http://nextage.co.il/config/referer.php
src=http://nextage.co.il/config/referer.php
src=http://spielwaren-carl-loebner.de/shop/team.php

I found this fucking virus in my website's file..

If you are not sure where its came, juz check all your .js file.

Hardware hacking a cat and mouse game

noreply@blogger.com (Harris) — Mon, 12 Oct 2009 15:25:00 +0000

KUALA LUMPUR: If you ask Joe Grand, president of Grand Idea Studio — an R&D and product design company, he’ll tell you that no piece of hardware can ever be safe enough from hackers.

“If something has electronics running inside, it can easily be tampered with, and many such products are susceptible to being compromised by even simple attacks,” he said.

According to him, hardware hacking has recently reappeared on hackers’ radars because of the plethora of easily available tips and tools available on the Internet.

He said the tools of the trade are very affordable and for a paltry sum experienced hardware hackers can have a die made of the circuit board they wish to hack.

This form of outsourcing is something new in the hardware hacking world, Grand said in his keynote address at the recent Hack in The Box Security Conference (HITBSecConf) here.

“Things that used to be difficult to do for hardware engineers and hackers have become so easy that there really isn’t any excuse now for hackers not to hack into hardware,” he said.

A mix of new and old methods can also help with the process of hacking hardware.

Citing an incident where he hacked into parking meters in San Francisco, Grand applied social engineering techniques to learn how the meters worked. “and the officials were only too happy to tell me everything.”

With that information and some software tools, he managed to confound the system running the parking meters into granting him US$999.99 (about RM3,600) worth of parking time.

“I didn’t use it, of course. I informed the city council about it and they are currently doing something to fix (the loophole in the) system,” he said.

Another trend that is making the job of a hardware hacker even easier is product enthusiasts disassembling a product and then posting detailed pictures of its components on the Internet.

“This shows hardware hackers what kind of components are used to build the product, which can clue them in to its vulnerabilities,” he said.

Good and bad

Just like with any other hacking activity, hardware hacking can lead to detrimental consequences, such as service theft or having your product cloned by unscrupulous parties.

But there is a silver lining, Grand said. If product developers make an effort to understand the skills of hardware hacking, they will be able to build a more secure product.

He said hardware designers usually leave a lot of clues on how to hack into a product because they are always in a hurry to put the devices on the market and place little emphasis on security.

Grand said hacked hardware is probably a more costly problem to solve than hacked software.

“In the software world all it takes is an inexpensive patch but it’s not that simple when it comes to hardware. A lot of times, it requires the companies to issue a new version of the hardware which can be a costly fix,” he said.

Having said that, Grand believes that it is impossible to devise a totally secure hardware product, no matter how much a company chooses to spend on this. The trick is for the company to keep staying ahead of the hackers.

“It’s a cat and mouse game. Hardware developers will try to make their products secure but there’ll always be an unplugged hole somewhere,” he said. This keeps everyone on their toes.

British hacker loses latest extradition appeal

noreply@blogger.com (Harris) — Mon, 12 Oct 2009 15:24:00 +0000

LONDON: A British man accused of hacking into US military computers has failed in his latest bid to avoid extradition to the United States.

Gary McKinnon is charged with breaking into dozens of computers belonging to Nasa, the US Department of Defense and several branches of the US military soon after the Sept. 11, 2001, terrorist attacks. US prosecutors have spent seven years seeking his extradition.

McKinnon claims he was searching for evidence of alien life, although prosecutors say he left a message on an Army computer criticising US foreign policy.

Friday’s decision denies McKinnon the possibility of taking his case to Britain’s new Supreme Court — the latest in a series of blows to his campaign to remain in Britain.

Lord Justice Stanley Burnton said that extradition was “a lawful and proportionate response” to McKinnon’s alleged crimes.

McKinnon’s attorney, Karen Todner, said she was not giving up.

“The legal team are now considering our position and we will exhaust every avenue to prevent Gary’s extradition,” she said after the ruling.

McKinnon’s supporters argue that the 43-year-old is autistic and should not be put through the ordeal of a custodial sentence across the Atlantic.

His case has attracted significant attention in Britain, where it has served as touchstone for debate about the country’s fast-track extradition treaty with the United States — signed in the wake of Sept 11 — and wider US-British relations.

McKinnon’s mother, Janis Sharp, said that her government was too willing to send its citizens to the United States “as sacrificial lambs” to safeguard the pair’s “special political relationship.”

“To use my desperately vulnerable son in this way is despicable, immoral and devoid of humanity,” she said after the ruling.

Britain’s Home Office, which would ultimately be responsible for handling McKinnon’s extradition, said only that it had noted the decision. — AP

Autowait for rapidshare for firefox- no need to wait anymore

noreply@blogger.com (Harris) — Tue, 08 Sep 2009 03:24:00 +0000

Script Summary:
Script to automatically download files from rapidshare as free user. More advanced, deals with all possible errors and responds accordingly. MOTTO: "Just open all links in the tabs and go play outside;-)"
Version: 1.0.18 (Aug 20, 2009)

MOTTO: "Just open all links in the tabs and go play outside;-)"

This script can automatically download files from RapidShare.com. On the first page it clicks on Free Download, then it waits until the download is ready (this also deals with all possible errors - another download in progress, 15 minute limit, session expired, .. can be extended easily). Then it waits those few seconds during countdown and clicks on the download link.

It means that if you set up Firefox to download rar files without asking and set up a default download directory, you really don't have to care about anything else. You will still need to wait all those timeouts and countdowns, but you won't have to sit in front of your computer to do that;-)

The script also displays status messages in the window title, so you can see how all your files are doing.

I would really like to hear your opinions, or if you found a bug or want an improvement, just let me know.

Please click button to install

Berjuta gagal layari Google

noreply@blogger.com (Harris) — Sat, 16 May 2009 05:47:00 +0000

WASHINGTON - Gergasi enjin carian Internet, Google memohon maaf kelmarin selepas masalah teknikal menyebabkan berjuta-juta orang tidak dapat menggunakan perkhidmatannya termasuk Mel Google dan Berita Google.

Gangguan sejam itu tidak terhad kepada pengguna Internet di Amerika Syarikat (AS) malah kebanyakan negara lain turut menghadapi masalah sama.

Perkhidmatan lain yang terjejas ialah Peta Google dan laman web perkongsian video, YouTube.

Pelbagai aduan dan komen orang ramai mengenai gangguan perkhidmatan syarikat yang menguasai lebih 60 peratus pasaran enjin carian di AS itu disiarkan di laman blog Twitter.

Di beberapa tempat, orang ramai tidak dapat menggunakan laman web Google manakala enjin carian itu amat perlahan di beberapa kawasan lain.

Kenyataan syarikat itu menyatakan gangguan berlaku apabila salah satu sistem Google mengalami masalah menyebabkan banyak laluan web dilencongkan ke laluan Asia sekali gus mencetuskan kesesakan.

"Kesannya, kira-kira 14 peratus pengguna kami mengalami perkhidmatan yang perlahan atau gangguan penuh," kata kenyataan Google.

"Selama ini, kami bekerja keras bagi memastikan perkhidmatan yang disediakan berjalan dengan pantas dan boleh digunakan pada bila-bila masa. Gangguan seperti itu memalukan kami.

"Kami memohon maaf dan anda mendapat jaminan bahawa kami akan bekerja dengan lebih keras bagi memastikan masalah serupa tidak akan berlaku," tambahnya.

Syarikat enjin carian yang beribu pejabat di California, AS itu menyatakan, gangguan berlaku kira-kira pukul 9.48 malam waktu Malaysia dan berakhir sejam kemudian. - AFP

Google Maps Malaysia launched

noreply@blogger.com (Harris) — Fri, 15 May 2009 00:36:00 +0000

GOOGLE Inc has launched Google Maps Malaysia (http://maps.google.com.my), a new search platform that enables users to find local geographic information on their personal computers and mobile phones.

These include online maps, satellite imagery, driving directions, addresses and business listings, Google said in a statement today.

Google's Southern Asia product manager Andrew McGlinchey said Google Maps Malaysia was an exciting step forward in helping Malaysian users quickly and easily find the local geographic information.

"Google's dynamic and collaborative geographic platform allows consumers to create personal maps and enables businesses to connect with customers through virtual maps," he said.

Users can search for local businesses and points of interest, check out what events or movies are going on nearby, advise visiting friends and tourists on local attractions, research the locations or properties to buy or rent, and even locate dining, shopping or nightlife options, Google said.

Google's Southeast Asia head of marketing Derek Callow said Google Maps Malaysia enabled local users, businesses and developers to contribute and share their information.

"This is a great start and we're looking forward to working with many more Malaysian organisations to enhance the quality, features and usefulness of the local version of Google Maps," he said.

An expensive Dream

noreply@blogger.com (Harris) — Mon, 20 Apr 2009 03:17:00 +0000

The Logitech Pure-Fi Dream, a clock radio for the iPhone and iPod, has a nice mix of design and functionality.

There are plenty of ways that I’d like be woken up in the morning, and top on that list is to be (a)roused by a beautiful supermodel.

However, since that’s not very realistic, I’m quite content to stick to my alarm clock radios.

The Pure-Fi Dream is a stylish clock radio that also functions as an iPod and iPhone-compatible music system.

Created by Logitech as a premium product in their Pure-Fi line, this is a good looking model that you can realistically take into your bedroom.

Looks dreamy

The first thing you’ll notice about the Pure-Fi Dream is that it’s pretty sleek-looking.

It has a curved, bean-shaped body with cloth grill speakers on both ends and the iPod/iPhone dock sitting at its front.

The glossy black finish is complemented by the glowing orange buttons — mostly situated on the top of the device — and similarly coloured display screen. And it will fit neatly into any modern bedroom.

The Pure-Fi Dream isn’t entirely compact, so while it’ll make an eye-catching addition to any bedside table, you’ll probably want to clear out some space for it first.

It’s about 35cm wide and 14cm deep, and that’s not even counting the bulky power supply.

Visit : www.logitech.com for more review about this gadget

Say goodbye to mouse lag

noreply@blogger.com (Harris) — Mon, 20 Apr 2009 03:11:00 +0000

A4-TECH recently unveiled its G7-630 wireless mouse for Windows and Mac users that promises full speed and no delays.

The 2.4GHz-based 800dpi mouse comes with a two-way communication technology and error correction capability to speed up data transmission and increases wireless precision, the company claimed.

Additionally its built-in auto channel hopping feature automatically detects and secures available channels in the busy public 2.4GHz universal bands to prevent connection loss.

The mouse works up to 15m, making it suitable to be used to control a media centre in the living room while you lounge around comfortably on the sofa.

Its mini-receiver is given a gold-plated surface treatment to ensure transmission efficiency and stability, A4-Tech claimed. When used with a laptop, the “plug and forget” receiver is small enough that you can let it stay inserted in the USB port even when you pack the laptop away.

There is also a small hidden compartment underneath the mouse to house the mini-receiver when it is not in use.

Other notable features inlude the Three-Shiftable Report Rate and Eight Gestures options. Users can select three different report rates, including 2ms, 4ms and 8ms, to deliver smooth and accurate cursor control depending on the task.

The faster speed is highly recommended when playing fast moving PC games, A4-Tech said.

Meanwhile the Eight Gestures option is to quickly issue commands in an application — users can continually press the right button and move the mouse to one of the eight predetermined directions to activate the function.

The RM99 mouse is powered by a single AA battery, which can last up to 1,000 hours depending on usage, said the company.

Gamers smash world record

noreply@blogger.com (Harris) — Mon, 20 Apr 2009 03:08:00 +0000

The gamers who participated in Cyberfusion’s One Nation Cyberjaya world record attempt for the longest LAN party have succeeded in style.

Supervised by officials from the Guinness World Records, Malaysia now officially holds the world record for longest LAN party.

Starting at midnight on Saturday and ending at 4pm on Sunday, 274 gamers played non-stop for 40 hours.

The participants brought and boasted the power and superiority of their own computers while waiting in line to get registered. All players were given five minutes bathroom break per hour which can be accumulated according to the Guinness rules.

Many took full advantage of the rule to accumulate their breaks and used the time to sleep in their car.

However, rumours of a player who did not take a single break in 40 hours could not be verified.

There were also a few who faltered or did not return within the stipulated time and were subsequently disqualified.

The original plan was to break the record of 36 hours by an extra two which would have set the record at 38 hours. Just before the 38th hour mark, when the record had already been broken, the organisers asked the players if they could push on to 40. By a majority vote, they agreed buoyantly to continue.

With energy drinks strewn all over the floor and sleep deprived gamers sluggishly walking to the exits, some still had the energy to talk about what this means for Malaysian gaming.

Eighteen-year-old student Ng Yun Bin, who was playing a variety of games including DotA and Left 4 Dead, said Malaysian gaming will certainly benefit from this. “Malaysia is already quite good in many games and we have many events here already,” said Ng. “This record will give us even more exposure and more events will be held here.”

Some players even came in pairs. Two students, 23-year-old Ansarul Iqmal Roslan and 22-year-old Nurul Nisa Omar are a couple who decided to be part of the record together.

“I’ve loved gaming since I was a kid so this was not that hard for me,” said Ansarul.

“I think more gaming companies will want to have events in Malaysia after this which is great.”

He also appreciated having his girlfriend with him to keep him company, especially since she is not a passionate gamer like him.

AMD and Cyberview Sdn Bhd marked the occasion as a success. Managing director of Cyberview Datuk Redza Rafiq said that the record attempt along with the other competitions held at Cyberfusion will serve as the catalyst for Malaysia’s bid to host the 2010 World Cyber Games Asian Championship.

Cyberfusion, organised by Cyberview Sdn Bhd and AMD, was held at Multimedia University (MMU) in Cyberjaya.

April Fool's Day computer virus could cause internet chaos today

noreply@blogger.com (Harris) — Wed, 01 Apr 2009 03:20:00 +0000

A virus that experts believe has wormed its way into millions of computers could choose today to attack.

The Conficker virus, which is thought to have infected up to 15million computers since last autumn, has so far lurked harmlessly - but it is said to be programmed to change the way it operates today.

No one knows what it will do - with some suspecting it is simply an April Fool's joke.

But there are fears the virus, which infects machines through the internet and via memory sticks, will be used to steal bank details, send spam emails or crash a major website by overloading it by redirecting all affected computers to it.

Conficker, which is also known as Downadup or Kido, is a 'worm' virus that exploits a gap in Microsoft Windows software.

Parliament, the Ministry of Defence and several NHS trusts have been infected, as well as home computers.

Experts are sceptical about whether today is the day the worm will turn, but urge the public to ensure their anti-virus software is up to date.

Security patches can be downloaded from Microsoft, which has offered a £175,000 reward to find the culprits.

One sign of already being infected is being blocked from visiting the websites of anti-virus companies such as McAfee.

Graham Cluley, of internet security company Sophos, advises people to rid their machines of the worm as soon as they can.

He said: 'There is no reason to believe that there will be any instructions for Conficker to receive on 1 April,' he said. 'They could just as easily be delivered on 2 April, 4 April, 25 May or never.

'This network is large and the whole world is going to be watching everything it does.

'You could argue it is a victim of its own success because it is going to be difficult for it to do anything under the radar.'

Mikko Hypponen, of antivirus software firm F-Secure, said: 'It is scary thinking about how much control a hacker could have. They would have access to millions of machines.'

How do I know if my PC has been infected?

Conficker finds vulnerable computers and automatically disables security services and blocks access to anti-virus websites.

You might be infected if your internet connection is running particularly slowly.

Find out whether you already have Conficker by using Microsoft, Symantec or a McAfee security tool.

How do I stay safe?

Make sure your PC is running the latest version of anti-virus software such as Norton or McAfee.

Make sure any USB devices you use on your PC are from trusted sources - Conficker downloads files when an infected USB is used on a new PC

Update your PC with all the latest ‘patches’ from Microsoft - available from Microsoft's website.

If your PC has been infected with the virus you can download Microsoft's Malicious Software Removal Tool from the website.

Virus serang Internet sempena April Fool

noreply@blogger.com (Harris) — Wed, 01 Apr 2009 03:16:00 +0000

LONDON - Para pemilik komputer disaran supaya berwaspada berikutan virus Conficker dipercayai akan menyerang Internet hari ini bersempena 'hari penipuan' atau April Fool, lapor sebuah akhbar semalam.

Virus yang sudah menjangkiti lebih 10 buah komputer di seluruh dunia itu dibimbangi boleh melumpuhkan sistem jaringan Internet.

Pakar-pakar memberi amaran virus itu boleh digunakan untuk mencari dan mencuri nombor dan kata laluan kad kredit atau melumpuhkan laman web seperti Google.

"Komputer-komputer yang dijangkiti Conficker akan menjadi rangkaian komputer zombie dan boleh digunakan untuk menghantar e-mel atau menyerang laman web lain," kata seorang pegawai di firma keselamatan Internet Sophos, Graham Cluley.

Pengeluar perisian komputer terbesar di dunia, Microsoft sudah menawarkan perisian percuma untuk memusnahkan virus itu. - Agensi

Pengasas Yahoo letak jawatan

noreply@blogger.com (Harris) — Wed, 19 Nov 2008 03:42:00 +0000

SAN FRANCISCO - Pengasas bersama enjin carian Yahoo di internet, Jerry Yang yang menolak tawaran pengambil alihan sebanyak AS$47 bilion (RM169 bilion) daripada Microsoft kini dalam proses meletakkan jawatan sebagai ketua pegawai eksekutif (CEO).

Yang berumur 40 tahun mengambil alih jawatan (CEO) setahun lalu dan akan kekal memegang jawatan itu sehingga penggantinya diperoleh.

"Yang dan Lembaga Pengarah telah mengadakan dialog berhubung waktu penggantian dan kita semua bersetuju bahawa kini adalah masa sesuai untuk melakukan peralihan CEO baru," kata Pengerusi Yahoo, Roy Bostock.

"Kami berasa terhutang budi kepada Yang dan sumbangannya sebagai CEO sejak 18 bulan lalu," katanya dalam satu kenyataan.

Menurut Yahoo, Yang yang mengasaskan enjin carian itu pada 1995 ketika berumur 26 tahun bersama rakan sekelasnya, David Filo dari Universiti Stanford.

Yang kemudian menjadi bilionair apabila syarikat itu disenaraikan pada tahun seterusnya. - AFP

Microsoft Malaysia nasihat orang ramai abai e-mel berangkai

noreply@blogger.com (Harris) — Wed, 08 Oct 2008 16:22:00 +0000

KUALA LUMPUR: Microsoft Malaysia, anak syarikat perisian komputer terkemuka dunia yang berpangkalan di Amerika Syarikat (AS), Microsoft Corporation tidak terbabit dengan sebarang aktiviti atau menyokong apa-apa bentuk e-mel spam atau ‘sampah’.

Jurucakap Microsoft Malaysia berkata, perbuatan pihak tertentu itu disedari pihaknya sejak tiga tahun lalu.

“Kami meminta orang ramai tidak melayan e-mel berangkai yang mendakwa pengasas Microsoft, Bill Gates mahu memberi wang kepada penggunanya.

“E-mel yang mencalarkan imej Microsoft ini mengarut dan tidak masuk akal. Justeru, jika terima abaikan,” katanya ketika mengulas laporan muka depan Harian Metro kelmarin mengenai sindiket penipuan Internet yang menggunakan nama Gates bagi tujuan mengaut keuntungan.

Laporan memetik, taktik licik terbaru sindiket penipuan Internet dikesan menggunakan nama jutawan yang juga pengasas perisian Microsoft, Gates, bagi memerangkap mangsa melalui e-mel.

Antara kandungan e-mel yang kini tersebar luas di seluruh negara ialah ‘tidak perlu mengeluarkan sebarang modal atau pelaburan, namun dijanjikan pulangan wang ribuan ringgit setiap minggu dengan hanya menghantar e-mel’.

Dakyah e-mel berangkai itu menyatakan Gates mahu berkongsi kekayaan melimpah-ruah dimilikinya dengan pelanggannya, menerusi dua syarikat tersohor, Microsoft dan AOL.

Naib Presiden Dapat Vista Sdn Bhd yang juga pengasas dapat.com, Azli Paat, menjelaskan e-mel berantai seperti itu digunakan sindiket untuk menjual nama, alamat, e-mel dan nombor telefon mangsa kepada syarikat tertentu.

Sementara itu, Kementerian Tenaga, Air dan Komunikasi (KTAK) akan mengambil langkah serius membanteras sindiket yang menjalankan kegiatan jual beli maklumat peribadi orang ramai tanpa kebenaran dan dengan tujuan jahat.

Timbalan Menterinya, Datuk Joseph Salang Gandum, berkata perbuatan menganiaya orang ramai dengan modus operandi tersembunyi di sebalik emel sebagai tidak beretika.

“Sekiranya kejadian itu benar berlaku, ia sesuatu perniagaan yang tidak beretika. Mana boleh jual maklumat peribadi orang lain tanpa kebenaran.

“Pelaku boleh diambil tindakan keras mengikut Akta Komunikasi dan Multimedia 1998 (AKM),” katanya.

Pelayar terbaru Microsoft

noreply@blogger.com (Harris) — Sat, 30 Aug 2008 01:35:00 +0000

WASHINGTON – Syarikat komputer gergasi, Microsoft melancarkan pelayar internet terbaru yang membolehkan pengguna melayari internet tanpa meninggalkan sebarang kesan di laman web yang mereka lawati, lapor sebuah akhbar semalam.

Pelayar internet yang dikenali sebagai porn mode menyembunyikan sejarah laman web yang dilawati oleh seseorang individu pada satu komputer yang sama.

Ciri terbaru itu dijangka memberi tamparan hebat terhadap enjin pencarian Google yang banyak bergantung kepada sejarah pelayar untuk menyasarkan satu-satu pengiklanan.

MA-134.072008 : MyCERT Special Alert - Vulnerabilities in Microsoft Products

noreply@blogger.com (Harris) — Sun, 20 Jul 2008 13:07:00 +0000

Microsoft has released notification regarding latest vulnerabilities in its products. There are two vulnerabilities that will be affecting many users in Malaysia. Users are advised to take high precautions and execute remedial action to avoid their machines from being compromised.

Three Microsoft products that are experiencing the vulnerabilities are as below:

i. Microsoft Word
ii. Microsoft DNS

The details of the vulnerabilities have been summarized in the tables as below. Be very aware that there is an exploit available for the vulnerability of Microsoft Word and users are advised to undertake a prompt action to fix the vulnerabilities

Produced in 15th July 2008 by MyCERT, CyberSecurity Malaysia, an agency under the Ministry of Science, Technology and Innovation (MOSTI).

Revision History:

Initial Release: 15th July 2008
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
CVE / Microsoft
Security Bulletin CVE-2008-2244
System Affected

* Microsoft Word 2002 Service Pack 3

* Microsoft Word 2000 *

* The software may just exit when opening purposely crafted .doc file

However the software listed below are NOT affected from the vulnerability
* Microsoft Office Word 2000

* Microsoft Office Word 2003 Service Pack 2

* Microsoft Office Word 2003 Service Pack 3

* Microsoft Office Word 2007

* Microsoft Office Word 2007 Service Pack 1

* Microsoft Office Word Viewer 2003

* Microsoft Office Word Viewer 2003 Service Pack 3

* Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

* Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1

* Microsoft Office for Mac 2004

* Microsoft Office for Mac 2008

Method of infection

User initiated, by opening specially crafted Microsoft Word file with embedded code; usually sent via email or hosted on websites. Attacker then could get access of complete control on the machine
Impact

Attacker could execute exploit remotely by manipulating memory corruption vulnerability in Microsoft Word.

Attacker may gain the same user right as local user, and fewer user rights reflects less affected system.
Exploit

AVAILABLE

It exploits Microsoft Word Macro processing code for macro names length vulnerability and then executes the attacker-supplied arbitrary code on the compromised computer, drops the backdoor and executes it.
Fixes/Remedial

Run all software as a nonprivileged user with minimal access rights.

Use Microsoft Office Word 2003 Viewer or Microsoft Office Word 2003
Viewer Service Pack 3 to open and view Microsoft Word files.

Do not open and save Microsoft Office file from unknown sources or unexpectedly.

Vulnerabilities in DNS Could Allow Spoofing (DNS Insufficient Socket Entropy Vulnerability & DNS Cache Poisoning Vulnerability)
CVE / Microsoft
Security Bulletin CVE-2008-1454 CVE-2008-1447/MS08-037
System Affected

* DNS Client - Microsoft Windows 2000 SP4
DNS Server - Microsoft Windows 2000 Server SP4

* DNS Client - Windows XP SP2 & SP3

* DNS Client - Windows XP Pro x64 2 & Windows XP Pro x64 SP2

* DNS Client - Windows Server 2003 SP1 & SP2
DNS Server - Windows Server 2003 SP 1 & SP2

* DNS Client - Windows Server 2003 x64 Edition & Windows Server 2003 x64 SP2
DNS Server - Windows Server 2003 x64 Edition & Windows Server 2003 x64 SP2

* DNS Client - Windows Server 2003 with SP1 for Itanium & Windows Server 2003 with SP2 for Itanium.
DNS Server - Windows Server 2003 with SP1 for Itanium & Windows Server 2003 with SP2 for Itanium.

* DNS Server - Windows Server 2008, 32 bit

* DNS Server - Windows Server 2008, x64

Method of infection

DNS Insufficient Socket Entropy Vulnerability - CVE-2008-1447

The cause of this is the lack of sufficient entropy allowing an attacker to spoof DNS query responses.

An attacker could send specific queries to a vulnerable DNS server or client, and at the same time respond back in a manner that allows the attacker to insert false or misleading DNS data. The attacker could then redirect Internet traffic from legitimate locations to an address of the attacker's choice.

DNS Cache Poisoning Vulnerability - CVE-2008-1454

The vulnerability could allow an unauthenticated remote attacker to send specially crafted responses to DNS requests made by vulnerable systems, thereby poisoning the DNS cache and redirecting Internet traffic from legitimate locations and invoking Man in the Middle attack.

It happens when the software fails to properly handle responses that contains data outside of their authority. Including data from beyond the DNS Server authority can cause extra data to be inserted into the DNS cache.
Impact

DNS Insufficient Socket Entropy Vulnerability - CVE-2008-1447

An attacker who has successfully exploited this vulnerability can insert arbitrary addresses into the DNS cache, also known as DNS cache poisoning. Unsuspecting users would fall prey to a pharming attack.

DNS Cache Poisoning Vulnerability - CVE-2008-1454

An attacker who successfully exploited this vulnerability could insert false or misleading DNS data in the response to specific DNS requests, thereby redirecting Internet traffic. This will then expose users for pharming attack.
Exploit N/A
Fixes/Remedial

Available (http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx)

Ensure that only trusted hosts and networks can send DNS responses to affected machines.

Type your summary here

Type rest of the post here

TheWonderBar

noreply@blogger.com (Harris) — Thu, 19 Jun 2008 04:33:00 +0000

THEWONDERBAR.
Moor. Chlorey’nahre. Original.

“Experience thewonderbar today!! Unleash its magic on your skin”

Suitable for all skin types, thewonderbar is formulated for daily use to cleanse, tone, and moisturize the
face for the conditioned look.

"All you have to do is to work the thewonderbar facial bar into lather, gently massage into the skin, leave
it on to permeate your skin for 3 minutes and wash off with water. Admire the effects of thewonderbar
conditioned skin in the mirror, as it continues throughout the day."

THEWONDERBAR is also effective as a shampoo and shaving foam.

website: www.thewonderbar.info
any inquiry & to order:

Cisco Chief claims antivirus software is a waste of money

noreply@blogger.com (Harris) — Fri, 23 May 2008 02:19:00 +0000

Recently, Cisco's Chief Security Office, John Stewart, made an interesting statement regarding the nature of today's virus and malware threats. He has stated that spending money on Antivirus (along with other types of malware protection) is a complete waste, with vendors fighting an uphill battle that they are losing. It's a statement that many could probably relate to, as often even a machine that is fully patched and fully updated can still fall prey to viruses or spyware.

[Click here for more]

Mr. Stewart asserts that the frequency of new malicious software being released into the wild has made it so commonplace as to be almost ignorable, with companies preferring to just “live with them” rather than struggle to fight them. That sounds like a complete loss of hope, but it wasn't all doom and gloom – he vouched for the idea of white-listing software, crafting systems that only let certain software execute at all. Provided that control is in the hands of the user (or at least whoever administers the machine), it's a nice ideal if not completely realistic.

A lot of people disagree with that point of view – the regional director of McAfee, for instance, who retorted to the Cisco Chief's comments, claiming that while AV suites are not perfect, it is certainly leagues better than having an unprotected machine.

Type your summary here

Type rest of the post here

Windows Defender update breaks USB devices in Vista

noreply@blogger.com (Harris) — Thu, 17 Apr 2008 08:10:00 +0000

A software update hosing your OS is pretty bad. It's happened to all of us us at one point or another, though, and frustrations aside we get over it. A software updating denying you access to hardware, however, is something entirely different – and that's exactly what Microsoft is facing right now. It seems that a recent update to Vista is causing problems with USB devices, including USB mice and keyboards. The problem, it seems, will result in these devices no longer functioning, making it pretty difficult to implement any fixes or use the machine at all if you rely on USB input.

The update was for the Windows Defender package, and currently Microsoft has no fix available for it. In the meantime, if you are struck by this problem, your only real recourse is to use a PS/2 device – or remove the update and keep it off your system.

Protect Your Investment on Acer Product!

noreply@blogger.com (Harris) — Mon, 07 Apr 2008 02:12:00 +0000

Protect Your Investment !!

Acer Aspire 3680-2680 / 3680-2680G/
3680-2680D2 / 4710 / 4720 / 5315 / 5710 /5720
is NOT an authorised product of
Acer Sales & Services Sdn. Bhd

How to confirm your Acer is Genuine?
Before you buy Acer Laptop, make sure it has all following features:

Pre-installed with genuine Windows Vista; Rose-color Certificate of Authenticity (COA) included.
3-year Limited Local Warranty.
1 year International Traveler's Warrany*
Able to uplift to 3-years International Traveler's Warranty with Acer SuperCare Extended Warranty.
Free** RM10000 AIA Personal Accident and Snatch/ Assault for up to 90 days.
SIRIM approval sticker.
Buy only from Acer Authorised Resellers.

*for selected model only
**for every purchase Acer notebook or Multimedia Pc during the promotion period

[click here for details]

Will Microsoft Deliver Windows 7 Next Year?

noreply@blogger.com (Harris) — Sat, 05 Apr 2008 02:42:00 +0000

Microsoft hints that the next version of its Windows operating system will arrive in 2009.

Microsoft has dropped two strong hints in the past two days that the next version of its Windows operating system will arrive in 2009, shaving up to a year off previous expectations.

It could also be a signal that Microsoft intends to cut its losses with Windows Vista, which has been poorly received or shunned by customers, especially large companies.

Microsoft has long said it wants to release Windows 7 about three years after Vista, which was released to manufacturing in November 2006 but not officially launched until January 2007. Given Microsoft's recent track record - Vista arrived more than five years after XP - most outsiders had pegged some time in 2010 as a safe bet for Windows 7's arrival.

But News.com reported Friday that Microsoft Chairman Bill Gates answered a question at a business meeting in Miami about Windows Vista by saying "Sometime in the next year or so we will have a new version."

And during its announcement Thursday that it would extend the availability of Windows XP Home for low-cost laptops, Microsoft said it would retire the operating system only after June 30, 2010, or one year after the release of Windows 7, whichever comes later.

That implies that Microsoft is targeting the middle of next year for some sort of release milestone for Windows 7 - the only codename known at the moment - though whether that would be a final release to consumers or an RTM, which allows businesses and OEMs to start installing it, is unknown.

A Microsoft spokeswoman, in an e-mail, said the company "is in the planning stages for Windows 7 and development is scoped to three years from Windows Vista Consumer GA." She said the company was providing early builds of the new operating system to gain user feedback, but otherwise was not providing further information.

Gates also said that he was "super-enthused about what [Windows 7] will do in lots of ways" but didn't elaborate.

What could those be? Microsoft has divulged a few things. Responding to criticism that Windows has become unnecessarily bloated, the company has 200 engineers developing a slimmed-down kernel called MinWin that uses 100 files and 25MB, compared to Vista's 5,000 files and 4GB core and is so small it lacks a graphical subsystem.

Microsoft has also confirmed that the operating system will come in consumer and business versions and in 32-bit and 64-bit editions.

Screenshots of early betas of Windows 7 are also appearing. Blogger Paul Thurrott yesterday put up screenshots from build 6519 of Windows 7 released in December, which he said looks like "a slightly enhanced version of Windows Vista."

Microsoft needs to start generating excitement about its software months or years in advance in order to prepare its millions of reselling partners.

But if it talks up Windows 7 too much, it runs the risk that large companies -- Microsoft's most profitable customer segment -- will hold on to their Windows XP machines and skip Vista entirely in favor of Windows 7.

That appears to be happening. A recent enterprise survey by Forrester Research Inc. showed that only 6.3% of enterprises were running Vista at the end of December, with most of the upgrades coming at the expense of aging machines running Windows 2000, not XP.

The vast majority of the 100 million copies of Vista that Microsoft has sold so far have gone to individuals and small businesses purchasing new PCs.

The least-loved version of Windows has long been Windows Millennium Edition (ME), a buggy minor upgrade that was superseded by XP within a year of its release. Despite its far greater - some would say, too great - technical ambition, Vista may end up lumped together with ME as one of the blips on Windows' long-term roadmap.

Internet crime up, says IC3

noreply@blogger.com (Harris) — Sat, 05 Apr 2008 02:37:00 +0000

A recent report by the “Internet Crime Complaint Center” has posted some interesting statistics about fraud on the web and how much it is costing the victims. Over the course of 2007, there were fewer complaints filed than in 2006 – but the value of those went up. In total, around $40 million more was reported than the year before.

Individual complaints averaged around $3500, which may look like a drop in the bucket of several million dollars, but if you lose $3500 to an Internet criminal you're probably hurting anyway. Some other interesting statistics of the report, which is downloadable from the IC3 site, include who was more likely to be defrauded and what the methods were. The “Nigerian” scam mails came in at a mere 1.1%, whereas auction fraud on sites like eBay was a behemoth 35.7%. Identity theft was also low on the list at only 2.9%.

How to access Yahoo SMTP

noreply@blogger.com (Harris) — Thu, 03 Apr 2008 02:41:00 +0000

If you want to use Outlook, Outlook Express, Thunderbird or other third party email clients to view your email you have 2 options.
Subscribe to mail plus:
http://billing.mail.yahoo.com/bm/Upgrade...

or download and install YPOPS
http://ypopsemail.com/

another link : http://www.softpedia.com/progDownload/YahooPOPs-Download-3702.html

then follow the directions for your version of outlook here,

http://help.yahoo.com/l/us/yahoo/mail/or...

If you have trouble with set up, check the YPOPS installation page for alternate set up instructions.

http://dbeusee.home.comcast.net/
Click on YPOPS link on the left.
Then Click on Configuring email clients towards the bottom.
Choose the appropriate link for your mail client.

I currently utilize version 2.0.0.4 of Thunderbird
and version 0.8.3 of YPOPS (there is a more recent version of YPOPS that you need if you are Yahoo Beta Mail) and have no problems.

Thumbs up are always appreciated if I have truly helped you!!

YahooPOPs description
YPOPs! (YahooPOPs!) is an application that provides free POP3 access to Yahoo! Mail

YPOPs! is a Windows, Linux, Solaris and Mac program providing POP3 access to Yahoo! Mail.

Yahoo! Mail disabled free access to its POP3 service in April 2002. This resulted in many people (including myself) to look for alternative free POP3 services.

But this exercise can be very difficult because of the fact that your Yahoo! Mail address could be with several people and informing all of them about your new email address could prove to be a nightmare.

This application emulates a POP3 server and enables popular email clients like Outlook, Netscape, Eudora, Mozilla, Calypso, etc., to download email from Yahoo! accounts.

We do not go against the license agreements of Yahoo! Mail. This application is completely legitimate and well within the realms of legal software.

What's New in This Release:

· Handle "Invalid ID or password" error with a pop-up dialog showing the error with hint how to solve it.
· Handle Yahoo Shortcuts introduction message automatically so that login is successful.
· Give error dialog if unexpected page encountered during login.
· When YPOPs detects error "Your login session has expired.", give helpful hints how to solve it.
· Include the account name in the login verify window title.

FBI Suspects Chinese Hackers Damaged Darfur Site

noreply@blogger.com (Harris) — Sat, 22 Mar 2008 13:39:00 +0000

The FBI is looking into a China-based hack of servers at the Save Darfur Coalition.

The U.S. Federal Bureau of Investigation is looking into a possible China connection in the hack of a nonprofit group created to draw attention to the ongoing genocide in western Sudan's Darfur region.

The Save Darfur Coalition called in the FBI earlier this week after discovering that someone had gained unauthorized access to its e-mail and Web server, according to Allyn Brooks-LaSure, a spokesman with the group.

Brooks-LaSure doesn't know who is behind the attacks, but he said the Internet Protocol addresses of the computers that had hacked his organization were from China. "Someone in Beijing is trying to send us a message," he said.

The hackers seemed to be primarily interested in gathering data on his group, Brooks-LaSure said. Save Darfur has been trying to get China to pressure Sudan's government into stopping the mass killings in Darfur's ongoing civil war. China is one of Sudan's largest trading partners.

Computers in China have been the source of many attacks in recent years, although security experts say that sometimes China-based machines are simply used as jumping-off points for attackers who actually reside in other countries such as the U.S. or Russia.

Groups that work with Save Darfur may have also been hit, Brooks-LaSure said. Some partner organizations have been the subject of very targeted e-mail attacks over the past few weeks that have tried to trick workers into opening malicious documents or visiting malicious Web sites. These are both common ways of installing unauthorized software on a victim's computer.

This type of targeted e-mail attack was recently employed by attackers looking to infect people on a pro-Tibet mailing list. Victims who opened what appeared to be a statement of solidarity for the people of Tibet were secretly hit with attack code that exploited a flaw in Adobe's Acrobat software, said security researchers at F-Secure in a blog posting.

"It looked like it was coming from the Unrepresented Nations and Peoples Organization (UNPO). However, the e-mail headers were forged and the mail was coming from somewhere else altogether," wrote F-Secure.

Many pro-Tibet organizations have been targeted with these types of attacks in recent months, the company added. "This is not an isolated incident. Far from it," the company said. "These e-mails have been sent to mailing lists, private forums and directly to persons working inside pro-Tibet groups. Some individuals have received targeted attacks like this several times a month."

A similar type of attack was used last month to infect computers at a committee working on security at the upcoming 2008 Olympic Games in Beijing, according to security vendor MessageLabs.

Members of that committee were infected by a malicious Microsoft Word document that they then forwarded to other organizations, according to MessageLabs researcher Maksym Schipka. In that case, "the bad guys did not have to hack into the good guy's mail server, all they had to do was persuade them that the document was something interesting so that the good guys themselves would forward it on," he said.

It is not clear that there is any connection between the attack reported by MessageLabs and that reported by Save Darfur.

When contacted Friday regarding the Save Darfur incident, FBI Spokeswoman Debbie Weierman confirmed that the law enforcement agency was "looking into the matter."

==>> Click here for more news

Samsung introduces 500GB 2.5" drive

noreply@blogger.com (Harris) — Thu, 06 Mar 2008 10:43:00 +0000

How would you like 1TB of storage? While feasible enough when dealing with a desktop or server, getting such huge amount of storage in a laptop isn't all that easy. Samsung is one of the few companies trying to address this problem, and today they introduced an all new 500GB laptop hard drive that manages to squeeze three 167GB platters into a tiny amount of space.

The Spinpoint M6 is a standard 2.5” unit operating at 5400RPM, with a price tag not all that hard to swallow – a tad under $300. It also has a smaller but faster variant, the Spinpoint MP2, which is a 250GB unit spinning at 7200RPM. While Samsung isn't revealing any design wins immediately, it should only be a matter of time until vendors start to offer not only one but two drives inside a single machine for an effective one terabyte of storage. Other vendors have already done it, namely the Asus M70S laptop using two Hitachi drives.

Internet Explorer 8 Beta 1 features revealed

noreply@blogger.com (Harris) — Thu, 06 Mar 2008 10:41:00 +0000

Update: The download links are now live on Microsoft website, so you can grab Internet Explorer 8 Beta 1 for Windows Vista, Server 2008, Server 2003 SP2, or XP SP2.

Update #2: It appears to be that the Microsoft installer doesn't like the (supposedly unreleased) Service Pack 1 for Vista as it refuses to install in that platform. One of our readers has also suggested it won't want to install on XP SP3 either. We assume there are ways to circumvent this, just don't be alarmed if you get an error message.

In preparation for the impending launch of Internet Explorer 8 Beta 1, Microsoft has set up a website detailing some of the improvements, changes and new features users can expect to see in the next version of its web browser including two new technologies dubbed WebSlices and Activities.

Activities give users ready access to third-party online services from any page they visit through a right-click contextual menu, allowing them to easily do things like retrieving an address map, submitting a story to Digg, sharing a page on Facebook, and so on. As for WebSlices, this new feature will enable users to crop a specific area on a website and bookmark it for future reference.

Other new features coming in IE8 Beta 1 include a new favorites bar, an improved phishing filter, and a new automatic crash recovery feature which brings back your tabs in case of a browser crash. The beta is widely expected to launch at this year’s Mix 08 which begins today. In fact, a download page is already up – though the links are not working as of this writing.