Here’s the kicker: This embedded-file threat makes creative use of functionality built into the PDF standard. As such, it works not only on Adobe Reader but on other PDF readers, too, even if they’re up-to-date.

“…Now, a new threat allows for launching malware hidden inside a PDF file. In this type of attack, discovered by researcher Didier Stevens, opening the PDF file triggers an attempt to install the malware. The action causes Adobe Reader to produce a confirmation pop-up, which gives you a chance to halt the attack by clicking the ‘Do Not Open’ button–but Stevens found that attackers could tweak the pop-up’s message. His example reads, “To view the encrypted message in this PDF document, select ‘Do not show this message again’ and click the Open button!” Using such a message, attackers could allay potential victims’ suspicion.

Here’s the kicker: This embedded-file threat makes creative use of functionality built into the PDF standard. As such, it works not only on Adobe Reader but on other PDF readers, too, even if they’re up-to-date. The makers of the Zeus Trojan horse are already using this new technique to spread their evil software.”

“…Finally, a good antivirus program may stop a malicious PDF before it can launch an attack. And VirusTotal.com is excellent for scanning any downloaded or e-mailed file with a multitude of antivirus engines. Regardless, always back up your defenses with your own good sense.”

Read Full Article at PCWorld.com

Anyone who has been on the internet for more than a few months ought to know that they will receive spam. If your email has been used on other websites (to purchase, subscribe, send or even receive emails/ecards/gifts) then you can be sure that you will receive spam. Why this is so is another discussion.

Here’s a screen shot of the iTunes gift certificate that I received (click to enlarge image below):

The zipped file at the bottom of the image gave it away as a hoax.

1.  iTunes wouldn’t send a zipped file to download.
2. iTunes would display the Senders name and possibly email address too
3. iTunes would display the gift certificate code in the email along with a link to sign up for an account
4. *NEVER download something from an email, even one sent by a friend or contact unless you are expecting it. NEVER. Seriously, NEVER, NEVER.  EVER.

 The first 3 conditions above apply for most reputable online stores.

Two articles about Facebook glitch and your privacy on the internet. Yahoo/AFP article in full because their links are broken after some time has passed from the date of publication.

New York Times: Facebook Glitch Brings New Privacy Worries
by Jenny Wortham

On Wednesday, users discovered a glitch that gave them access to supposedly private information in the accounts of their Facebook friends, like [private] chat conversations. 

From Yahoo/AFP

Facebook Glitch Exposes Private Chat by Glenn Chapman

SAN FRANCISCO (AFP) – Facebook temporarily shut down its online chat feature after a software glitch let people’s friends in the online community see each others’ private chat messages.

For a “limited period of time” chat messages and pending friend requests could be made visible to friends, according to Facebook.

For peeks at the usually walled-off information Facebook users had to manipulate a “preview my profile” feature in a particular way, according to Facebook.

“When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function,” a Facebook spokesman said in an email response to an AFP inquiry.

“We also pushed out a fix to take care of the visible friend requests.”

Chat was back in action for most Facebook users by 1900 GMT on Wednesday.

The software glitch struck as the world’s top online social-networking service is increasingly scrutinized regarding the privacy of its users.

The survey indicated that 23 percent of Facebook’s users “either didn’t know that the site offered privacy controls or chose not to use them.”

Facebook has evolved into an online repository for personal information and the company should protect user data as vigilantly as banks treat contents of safe deposit boxes, said Andrew Brandt, lead threat research analyst at computer security firm Webroot.

“They shouldn’t be leaving the vault unlocked even for a few hours,” Brandt said, referring to the chat feature glitch.

Internet users need to realize that any information they put online can escape into the wild, according to Brandt.


“If you have embarrassing photos from spring break that could get you in trouble now or in the future, just don’t put that stuff there,” Brandt said.

“Remember that everything that goes on the Internet essentially stays there. Even if Facebook hides it away, that stuff might be retrievable in the future.”

Last week, four US senators expressed concern to Facebook over recent changes to the social network that they say compromises the privacy of its more than 400 million users.

In a letter to Facebook co-founder Mark Zuckerberg, the senators said they worried that personal information about Facebook users is being made available to third party websites.

They also said the Palo Alto, California-based Facebook should make sharing personal information an “opt-in” procedure in which a user specifically gives permission for data to be shared.

One of the letter’s signatories, Democratic Senator Charles Schumer, has urged the US Federal Trade Commission to look into the privacy practices of Facebook, MySpace, Twitter and other social networking sites and to issue guidelines on the use of private information.

Facebook on April 21 rolled out a series of new features including the ability for partner websites to incorporate Facebook data, a move that would further expand the network’s presence on the Internet.

Facebook vice president of global communications Elliot Schrage has been adamant that online privacy is taken very seriously at the company.

“These new products and features are designed to enhance personalization and promote social activity across the Internet while continuing to give users unprecedented control over what information they share, when they want to share it, and with whom,” Schrage said.

The email’s subject line says “Facebook password reset confirmation customer support,” according to Marcus.

Hackers  have flooded the Internet with virus-tainted spam that targets Facebook’s estimated 400 million users in an effort to steal banking passwords and gather other sensitive information.

The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc.

If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, McAfee said on Wednesday.

Hackers have long targeted Facebook users, sending them tainted messages via the social networking company’s own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.

A Facebook spokesman said the company could not comment on the specific case, but pointed to a status update the company posted on its web site earlier on Wednesday warning users about the spoofed email and advising users to delete the email and to warn their friends.

McAfee estimates that hackers sent out tens of millions of spam across Europe, the United States and Asia since the campaign began on Tuesday.

Dave Marcus, McAfee’s director of malware research and communications, said that he expects the hackers will succeed in infecting millions of computers.

“With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that’s 40 million,” he said.

The email’s subject line says “Facebook password reset confirmation customer support,” according to Marcus.

(Additional reporting by Alexei Oreskovic; Editing by Bernard Orr)

Source : news.yahoo.com (Note: Original link broken had to reproduce entire article here and remove link)

Top 3? But we just need one good browser.

True, however we recommend that you have two browsers available for your browsing needs. Why? Because Internet Explorer (IE) often comes bundled with a computer and most users stick with it.

Do you have to though? Not at all. In fact European users will be offered a choice of browsers even though IE comes bundled with their PC and laptop.

The top 3 browsers in order of excellence are:

1. Mozilla’s FireFox
2. Google Chrome
3. Safari and Opera tied for third place (ok, top 4 then)

 We find that these browsers are more secure, less buggy, and just as easy to use as IE.

Users may also import their bookmarks from IE to their new browsers during the set up phase or after they have set up a new browser.

Don’t delete IE though. Use the newer browser as your default browser and retain IE for those times when you may only use IE (certain games on MSN only play on IE).

It’s generally a good idea to have a backup plan. We generally have at least 4 browsers on our machines for testing websites and applications.

 From USAToday.com by Byron Acohido:

How cybercriminals invade social networks, companies

 “So Alice clicked on the accompanying Web link, expecting to see Bob’s photos. But the message had come from thieves who had hijacked Bob’s Facebook account. And the link carried an infection. With a click of her mouse, Alice let the attackers usurp control of her Facebook account and company laptop. Later, they used Alice’s company logon to slip deep inside the financial firm’s network, where they roamed for weeks. They had managed to grab control of two servers, and were probing deeper, when they were detected.”

http://www.usatoday.com/tech/news/computersecurity/2010-03-04-1Anetsecurity04_CV_N.htm

Jump for joy! We usually do.

Seriously though, jump for joy!

Ha. So, without getting too verbose the first thing you ought to do after setting up the computer/laptop (henceforth machine) is to install anti virus software.

Personally, we like both Avast and Zone Alarm. Zone Alarm is also reasonably priced – as of February 2010 $29.95 for the Anti Virus software to $79.95 for the Extreme Security Suite Suite. The price includes a license to use the software on up to 3 computers.

With so many anti virus and computer security software available, including FREE versions, there is NO excuse for users to forgo this step. We cannot stress this enough.

Why? Because it will save you a lot of problems later on when you’ve been using the machine for a few months and it not only slows down but sometimes shuts down on its own.

Why should I install anti virus software when I only go to “good sites” and never download anything?

That’s just not true though. Whenever you go to any website, you are downloading whatever is on that page. Most sites are harmless, however there are sites that automatically download malicious software to your machine. Often these sites have been infected without knowledge of the owners.

Here’s a real life example: We had a client who was on a Mac – that most users wrongly assume cannot be infected – and we believe the client managed to infect and reinfect their website because they did not have anti virus software on their machine. This translated into delays on launching their website (which was a source of livelihood) and extra costs associated with cleaning up their websites three times.

The frustration the client experienced was enough reason for them to install anti virus and internet security software on their machine.

That is just one real life example out scores of such examples that we have come across over the years.

The moral of the story? Jump for joy and then install anti virus software. Use the protection you can afford, but use something. You will be glad you did.

Note: GrafiQuest is not affiliated with either Avast or Zone Alarm. They have however protected our machines for many years.

Yes, we know there many tech blogs. I even follow a couple. However few of these are geared towards the beginner no matter the age of said beginner.

Over the years we have come across a lot of intelligent individuals who use the internet on a daily basis. These individuals while extremely successful at their job, do not appear to have as much confidence when it came to applications they use outside of their profession. While fairly adept at using email or word processing software, they also have a lower trust level regarding the internet. Can we blame them?

Viruses, spyware, trojans, worms, key stroke loggers and identity theft are all very real threats. However one can prevent malware from infecting their machines or websites by taking certain precautions.

That’s the purpose of this blog; to provide some information on website/internet issues that we believe impact our clients, internet users or issues brought to our attention.

We will respond to comments that require a response and answer questions. Please bear in mind that we may take a few days to get back to you when/if research is required.

Comments irrelevant to the topic will be deleted.

Please keep the discussions civil. Thank you.