Wednesday, August 29, 2007

Norton Internet Security 2008

Norton internet security 2007 is a very useful internet security utility that will protect your computer while you surf online.

The chaos and rapid growth of the world wide Web have created the perfect environment for malicious and damaging entities that threaten your PC and your identity. The important documents stored in your computer must be protected from hackers and other virtual prowlers. With Norton Internet Security, you will be able to enjoy your computer with confidence, knowing that viruses and spyware will be either blocked or removed. All kinds of malicious programs will be removed automatically, including the damaging side effects.


Key Technologies



  • Antispyware

  • Antivirus

  • Two-Way Firewall

  • Advanced Phishing Protection

  • Intrusion Prevention

  • Rootkit Detection

Features



  • improved performance delivers faster starts and scans.

  • One click access to expert support.

  • Network security monitoring helps protect your wireless network.

  • Norton Identity Safe delivers enhanced i dentity theft protection.

  • Works quietly in the background.

  • Protection for up to 3 PCs per household

  • Blocks identity theft by phishing Web sites

  • Protects against hackers

  • Detects and eliminates spyware

  • Removes viruses and Internet worms automatically

  • Protects email and instant messaging from viruses

  • Prevents virus-infected emails from spreading

  • Rootkit detection searches underneath the operating system using patented technology

  • Includes protection updates and new product features as available throughout the renewable service period

  • On-going Protection option automatically renews your subscription

  • Need antispam or parental controls?

Go to Norton Internet Security 2008


Posted by at No comments:

Monday, August 27, 2007

Update Salfeld Child Control 2007

Computers are the place for children. This is the place where they can sharpen their agility as well as their abilities. They can learn and make new friends. What’s more, the Internet provides information for homework assignments. So far, so good. But they also need to be protected from the computer—for one thing, so that they don’t lose their sense of time and forget to go out and play with their friends once in a while, and for another, because of the dangers lurking on the Web. That’s why responsible parents everywhere install Child Control on every computer that their children use.


Give children an “allowance” of time
Child Control 2007 keeps track of the time your kids spend in front of the computer. Once their time is up, the computer automatically shuts down and won’t start up again—something any kid can understand. Our experience has shown that Child Control 2007’s verdict is accepted without arguments—there is no debate and no discussion. Another way of looking at it: “Child Control gives your kids back time that they are then free to spend in other ways.”


Safety on the Internet
It isn’t always easy to watch your young ones’ every move on the computer—and it’s even harder to follow what they’re doing on the Internet. Child Control 2007 can also help you here, by automatically shutting the door on their Internet connection once their allotted time is used up. Parents can easily regulate how many hours a day each child can spend on the Internet, and even specify the precise hours of the day when the gate to the worldwide online community will be available.


The Dark Side of the Internet
Sure, you can find any number of sites that are useful for learning, reference, and games. Then there are the other ones that are clearly inappropriate for children and teens. Some parents also worry about their children ending up on one of these sites by accident, or as the result of a dare. These fears can be quickly put to rest by Child Control 2007, which has already made a name for itself in Internet monitoring.


Control Internet access using filters
Child Control lets you activate filters to block all websites oriented toward violence or sex. You can also filter out specific words that may appear on various websites. Alternatively, you can limit access to only the websites that you specify. In that case, your kids will only be able to access these sites, and all others will be off-limits. In the 2007 version, parents can also limit their kids’ stay on certain sites to a specified time, so that eventually they will have to put their online games away and get back to their homework.


System Requirements
Our products use very few system resources and can easily be run on older PC's. Software programs listed here can be run on all current Windows platforms (Windows 95(b), 98, ME, NT, 2000, XP, XP SP2 (home und professional). Resource usage is relatively light: a Pentium II, Celeron, or AMD Athlon/Duron running at 266 MHz or above; a mouse; VGA (800x600 or higher); 64MB RAM; and 5 MB free disk space per application are sufficient.


Download the trial version : Salfeld Child Control 2007 
Visit Site : www.salfeld.com

Posted by at No comments:

Friday, August 24, 2007

Microsoft Windows Vista Weather Gadget vulnerability

The Windows Vista Weather gadget contains a vulnerability that may allow and attacker to execute code.


Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to the way Windows Vista treats other executable code. Gadgets are written using HTML and script, but this HTML is not located on an arbitrary remote server as web pages are. HTML content in the Gadget is downloaded first as part of a package of resources and configuration files and then executed from the local computer. This download process is similar to applications (.exe files) downloaded from the Internet.

Today, the Windows Vista Sidebar hosts Gadgets built from HTML, JavaScript, and potentially ActiveX controls, and because Gadgets are HTML, they are subject to Cross-site Scripting style bugs. These bugs are extremely serious because script in the Sidebar is capable of running arbitrary code in the context of the locally logged-on user.

This document outlines some of the secure programming best practices that should be considered when building Windows Vista Sidebar Gadgets.

Never Trust Input

This is the same advice we have given for years, and it still holds true for Sidebar Gadgets. Many Gadgets read, manipulate, and then display untrusted data, such as that coming from an XMLHttpRequest object or an ActiveX control. All such input needs to be validated.

Validate Untrusted Input

There is no replacement for a good input checker. You should build a function or functions that include regular expressions to verify that the input is correctly formed, and if it is not, you should reject the data. Below is a loose example that only allows numbers, brackets, dashes, and spaces between 6 and 14 characters long.

More Information MS07–048


Posted by at No comments:

Monday, August 06, 2007

What is Phishing and Pharming?

Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.
Posted by at No comments:

Avoiding Social Engineering and Phishing Attacks

What is a social engineering attack?

To launch a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

How do you avoid being a victim?




  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.


  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.


  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.


  • Don't send sensitive information over the Internet before checking a web site's security policy or looking for evidence that the information is being encrypted (see Protecting Your Privacy and Understanding Web Site Certificates for more information).


  • Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).


  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org/phishing_archive.html).


  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).

What do you do if you think you are a victim?



  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.


  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account (see Preventing and Responding to Identity Theft for more information).


  • Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).
Posted by at No comments:

Warns Public of Fraudulent Phishing Email.

US-CERT is aware of a recent surge in fraudulent phishing e-mail messages. The messages, claiming to be from the United States National Medical Association, contain a subject line that reads "The United States National Medical Association" and a link that, when followed, will direct the user to a malicious website. These messages are not from any United States government agency.

Users are encouraged to take the following measures to protect themselves from phishing attacks:


  • Do not follow unsolicited web links received in email messages.

  • Verify the legitimacy of the email by contacting the company or agency directly through a trusted contact number.

  • Visit the Anti-Phishing Working Group for more information on known phishing attacks.

Mozilla Releases Update to Address URI Sanitization Vulnerability



Mozilla has released an update for the Firefox browser to address two vulnerabilities with URI sanitization.  These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. 

More information regarding these vulnerabilities and the Firefox update can be found in the following:


US-CERT encourages users to upgrade to Firefox 2.0.0.6 which has been released to address these vulnerabilities.


Microsoft Windows URI Protocol Handling Vulnerability


US-CERT is aware of a vulnerability in the way Microsoft Windows determines how to handle URIs, which may be be leveraged by a remote attacker to execute arbitrary commands on an affected system.  Public reports demonstrate that Mozilla Firefox can be used to pass malicious URIs to Windows, but other applications may also act as attack vectors for this vulnerability.

More information regarding this vulnerability can be found in Vulnerability Note VU#403150.

Posted by at No comments:
Subscribe to: Posts (Atom)

Security News

Loading...