Israel-Hamas Malware  

Posted by Mohammad Talha

Trend Micro is reporting the latest variant on the "please install a fake Flash player that is actually malware" attack, this one using CNN and the war between Israel and Hamas.

The attack comes as an unsolicited e-mail with news about the conflict. The sender and subject change with every message. The message claims to contain a link to an Al-Jazeera video. Clicking the link brings the user to a fake CNN page with a video on it. Start the video and the user gets a dialog box telling them to "Please Download the correct Flash Media Player!" Clicking OK starts a download of the malicious file Adobe_Player10.exe, which Trend detects as TROJ_DLOADR.QK.

This malware is a "downloader" which then downloads and installs other malware, TROJ_INJECT.ZZ, which is "an info-stealer that logs keystrokes and launches a sniffer to retrieve passwords from network packets. It then uploads the gathered data to several URLs. It also drops a rootkit component detected as TROJ_ROOTKIT.FX." Bad news.

Three vulnerabilities in SMB networking were patched in a single update today by Microsoft: MS09-001: Vulnerabilities in SMB Could Allow Remote Code Execution.

Two of the three vulnerabilities are rated critical for Windows 2000, Windows XP and Windows Server 2003; the third is rated Moderate for those platforms. Two are rated Moderate for Windows Vista and Windows Server 2008, and the third does not affect those platforms at all.

The first vulnerability, SMB Buffer Overflow Remote Code Execution Vulnerability (CVE-2008-4834), is a frightening one: an unauthenticated networking bug. This is the one that doesn't affect Windows Vista or Server 2008, but on 2000, XP or Server 2003 an unauthenticated user could invoke a remote code execution over the network. Microsoft says that most attempts to invoke this bug will result in a denial of service, but that remote code execution is theoretically possible. This being SMB, a firewall could very well block it, depending on the configuration. So it's not likely that users would get attacked directly over the Internet, but if one system inside a network is compromised through some other exploit, it could then attack other vulnerable systems from inside the network.

The second vulnerability, SMB Validation Remote Code Execution Vulnerability (CVE-2008-4835), is very similar to the last one: an unauthenticated network vulnerability that can theoretically allow remote code execution, but more likely denial of service. This vulnerability also affects Windows Vista and Windows Server 2008, although not in the default configuration, thus they are rated "Moderate."

Reviews: HP Mini 2140  

Posted by Mohammad Talha

The HP 2133 Mini-Note was (and still is) ahead of its time design-wise, with an aluminum finish that made the original ASUS EeePC 4G look like a toy by comparison. As one of the first netbooks that helped spur the ongoing revolution, it was enticingly presented and crafted to look like its EliteBook business siblings. But it wasn't without flaws. Specifically, the VIA processing innards were slow and required excessive cooling, resulting in significant fan noise and heat coming from the base. The newly minted HP Mini 2140 ($500 street) replaces the older parts with faster and more energy-efficient ones from the Intel Atom platform while keeping the impeccably fresh design intact. It's basically a business and education version of the HP Mini 1000.

From the outside, you can't tell the Mini 2140 from its predecessor. The aluminum alloy finish, a glaring departure from the white lacquered designs of the Acer Aspire One, the MSI Wind, and the Lenovo IdeaPad S10, is what made the Mini-Note exceptional in the first place. The 2140, starting at 2.6 pounds (with the three-cell battery), is slightly lighter than the 2133. It's as heavy as the Mini 1000 (2.5 pounds) and the MSI Wind (2.6 pounds), and a bit heavier than the Acer Aspire One (2.1 pounds), the lightest in the netbook category.

The 2140 could have been as light as the Acer One had it not moved to a bigger screen. It now sports a 10-inch LED widescreen like those of the Wind, the Mini 1000, and the ASUS EeePC 1002HA, rather than an 8.9-inch one. The hinges are concealed when the lid is open, dropping down so that the bottom of the screen meets the system's base, which gives it a modern look. The optional 1,366-by-768-resolution screen is the first on a 10-inch laptop (HP is calling it its high-definition display). My test unit came with a 1,024-by-567 display, which is more consistent with the resolutions found on most netbooks, and it will save you a couple of bucks. The 92 percent keyboard is one of the biggest among netbooks I've seen, as big and as nice to type with as those on the Wind, the 1002HA, and the Mini 1000. The Samsung NC10-14GB, however, has a minuscule advantage with its 93 percent keyboard. As with its predecessor, an exceptional keyboard doesn't help the placement of its mouse buttons, as they flank the touchpad on each side. I found it easier to navigate with two hands.

The 2140 ranks high in features. Its two USB ports don't sound impressive, but it forgoes a third USB port for an ExpressCard 34 slot, which is a better choice. This slot can be used to expand the netbook's capabilities by adding, for instance, FireWire ports, extra USB ports, a TV tuner, or mobile broadband. Oddly enough, this business netbook doesn't integrate mobile broadband or 3G wireless. Meanwhile, the Mini 1000 (a consumer netbook, mind you) does. Otherwise, the 2140 has an impressive selection of storage options, including 160GB (5,400- and 7,200-rpm) spinning drives or an Intel 80GB solid-state drive (SSD). Capacity-wise, the Samsung NC10 has a slight edge with its 320GB, 5400-rpm drive. Like all netbooks, the 2140 comes with an SD slot for digital camera cards and a webcam for video chat…

How Private Are Private Browser Modes?  

Posted by Mohammad Talha

One of the latest trends in browser security is a private browsing mode. Browsers leave evidence in many forms of where you've been browsing, such as your history, cache and cookies, and these can be used to compromise your privacy. Private browsing is supposed to clean up all these identity droppings, or even prevent them from being stored altogether. The pioneer in this feature was Apple with Safari; there is also such a mode in Google's Chrome, and private modes will be in the next versions of IE and Firefox. Most browsers also include a poor-man's version of this function that allows the user statically to remove any private data; in Firefox, for example, you can do this by pressing Ctrl-Shift-Del.

Now the security consulting firm iSEC Partners has released a study of private browsing features in popular browsers and other Internet software, specifically Adobe Flash. The results are pretty disappointing. iSEC Partners wrote a tool to test the efficacy of these features and released it with the study.

In fact, all of the existing private browsing modes have some form of data which is not cleared when users enter or leave private browsing modes. Although Chrome cleared the only tested type of data it stored, it was surprising to find that [Google] Gears data was not cleared, since Gears is included in the browser. However, this behavior is consistent across all browsers tested...

Both IE8 and Firefox 3.1 left significant data uncleared, but both of the tested products were beta and neither has yet been released. Let's hope this study will press the browser authors to clear this up before the programs go final…

BlackBerry Typing Tricks  

Posted by Mohammad Talha

Here are a few of my favorite tips for using a BlackBerry keyboard:

1. To capitalize letters, don't bother with the Shift key; instead, hold down the key for the letter you want to capitalize for one second.
2. While Web browsing, press K to bring up your bookmarks list at any time; press A to add a new one.
3. Scroll down a message or Web page quickly by pressing the spacebar. Scroll back up by pressing Shift-Spacebar.
4. Dial a phone number that contains letters (1-800-PICK-UPS) by pressing Alt and then typing the correct letter using the QWERTY keyboard.