Skip to main content

Posts

Showing posts from November, 2013

CryptoLocker Malware

CryptoLocker is a ransomware malware virus that is downloaded via email phishing scams. The emails seem to be coming from phony businesses, as well as fake UPS and FedEx tracking notices. It has also been documented that some victims saw the malware appear following after a previous infection from one or several botnets frequently leveraged in the cyber-criminal underground.

The malware tagets Windows 8, Windows 7, Vista, and XP operating systems.

The malware is capable of locating share drives and other mapped network drives, which allows it to replicate across the network and infect other hosts on the network. It then proceeds to encrypt the victim's files using asymmetric encryption, and demands payment before giving the private decryption key to the victim. Some people have reported that even when they paid the ransom, they did not receive the private key from the hackers.

The easiest way to get rid of the virus is to reformat and hope that there is a back from before the mal…

TCP/IP Guide by Charles Kozierok

I just bought this book the other day. It is a comprehensive reference for almost all things TCP/IP. I will probably be posting some of the things I come across in this book that I think are useful or that I think would be helpful for others to know about as well.



I will also give my final thoughts on this book after I finish reading and studying its contents. I'm sure that this book will definitely be going into my library of reference materials.

Amazon and Playstation Come Together

Amazon Playstation Network Store is set to launch or PSVita, PS3, and of course the much anticipated (at least for me) Playstation 4. It is said that this new addition will give gamers a choice as to where they can download content. In the past, users were subject to downloading content from Playstation Network, which meant that the listing price for a game was what they had to pay. Although, it has not been said whether or not Amazon will have their own pricing model or simply use the same price points used by Sony, users will have an option to chose where they want to by their games from, which intern, could lower pricing in both online stores.

I feel that this will be a good addition to the Playstation user experience. It makes them feel like they have a choice even if they the prices for downloadable content are exactly the same in both marketplaces. Will this be a good thing? I guess we will just have to wait and see how the community reacts to the new addition.

Twitter: @Th3Mat…

Ps4 and Nintindo on the XBOX ONE

This seems pretty interesting. Being able to play your Playstation 4 on your Xbox One might be pretty cool. I wonder how how well this has been tested and if the other companies have been brought into this conversation. What about the games that are suppose to be perpratary to each console? I guess we will have to see how it will play out when the two consoles hit the market during the holiday season. 
Read the article here: http://www.forbes.com/sites/erikkain/2013/11/09/you-can-play-your-ps4-through-your-xbox-one/

Latest Windows Zero-Day Exploit

It is believed that this exploit is the handy work of an India based hacker group who were also thought to be responsible for the 'Operation Hangover' exploits earlier this year. This news was released in a security alert by Microsoft earlier this weeks. They said that the there was a vulnerability in the TIFF image-format parsing component was being exploited in attacks aimed at targets located in the Middle East and South Asia.



Emails with subject lines like "Illegal Authorization for Funds Transfer" or "Problem with Credit September 26th 2013" were the medium being used by the hackers. They attached malicious Word documents, which seemed to use multiple XML objects to "spray the heap memory," which is a old technique used more than a decade ago, used to find sections in the memory that the malicious code can use for its exploit.

Continue reading at: computerworld.com 

Twitter: @Th3MattWilson

Phishing in Brazil

There is an interesting phishing scheme floating around Brazil with a theme relating to Internet banking. When the user clicks on the attachment it is opened using Microsoft Word. In the document is an image of a banking receipt along with a message asking the user to double-click on the image if they wish to see a larger version. When the user double clicks the image they are asked if they would like to open a .cpl file, which, if accepted, will download a malware that is designed to seek out the users banking credentials if they exist anywhere on the machine.



Continue reading at: http://www.scmagazine.com//sneaky-phishing-scam-in-brazil-may-hit-us-shores/article/319867/

Twitter: @Th3MattWilson

Salting Hashed Passwords to Mitigate Brute Force Attacks

Password and account protection as a whole should be a must in the day-to-day actions of the top web sites today, aka LinkedIn, Facebook, Adobe, and many others.

The link at the end of this post links to an article, which touches a bit on the need for salting hashed passwords to help prevent brute force attacks and others mischief that hackers tend to get into. I also agree that it is not just up to the site administrators to protect the data that is stored about their users, but it is also up to the users to protect their own data and they should consider their data to be vulnerable at all times, which means they should take necessary action to protect their content to the best of their ability.

While of the topic of password strength and security, it is a good idea for users to change their passwords on a regular basis. A good rule of thumb is to change account passwords every six months or so. However, if the users does not want to change their passwords as often they create a mor…

Tweet Tweet!

Twitter Upping Security Measures

According to SCMagazine, Twitter has plans to start encrypting its direct messaging services due to the ever increasing reach of the NSA, and, not to mention, the recent news of the NSA tapping into Google and Yahoo's data centers. I wonder if the NSA really secretly broke into their data centers, or did Google and Yahoo simple allow them to have access? Regardless, it is good to see that Twitter is make steps toward securing their services. I hope that others begin to start taking actions to up their information security measures. I'm talking to you Adobe!


Source: http://www.scmagazine.com/twitter-plans-to-encrypt-its-direct-messaging-service/article/319146/

Twitter: @Th3MattWilson

What a Sweet Monitor

ASUS PA279Q Review



Linus from LinusTechTips does another great job on this review. You can tell that he does a lot of great research on the products that he reviews, giving the viewer a really good overview of the product.

I've been searching around for a new monitor and this one may actually take the top spot. The resolution is pretty awesome 2560 x 1440, and the colors look very vibrant and beautiful. The only downside to this great monitor is the price. It comes in at around $800 bucks depending on where you buy it from.

Check out LinusTechTips YouTube channel for more great product reviews.

My Twitter: @Th3MattWilson