I just never thought that Adware maker can also sues Anti Spyware maker because of their product (Spyware Doctor) helping people to solve their adware / malware problem on their computer (Full Story)

Zango Inc. v. PC Tools Pty Ltd.

5/15/2007 07-2-15844-8 CBC

Complaint for injunctive relief and tortious interference with business expectancy. The plaintiff's software, which "has been consensually installed by millions of users," is being destroyed by the defendant's "Spyware Doctor Starter Edition" application. The application does not give users specific warning that Zango's software will be deleted. The defendant's product has been distributed as part of a "Google Pack" of software tools, causing the plaintiff "irreparable harm." The plaintiff seeks at least $35 million in damages – via Spamnotes

They says that Spyware Doctor does not give users specific warning that Zango’s software will be deleted ?

Based on my experience when repairing or configuring someone else computer. I always ask them first if they want me to configure the anti spyware / antivirus product to automatically delete all kind of threat without warning / prompting the user first … all of them are saying “Yes” to that question … and i think you can guess why

But this ??? …. well … i think i’ve said enough ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | One comment

0x87485B96 | Tags : Computer Security, Internet, Opinion, Personal, Tech News

Windows Update Downloader is a small utility that allows you to download all of the current Windows critical updates. All updates are downloaded directly from microsoft.com to your computer with a single mouse click (few / several mouse clicks to be exact, if that matters)

In other words this small utility is useful to those who like to keep their windows system in top shape by updating their system frequently but still want to keep the downloaded update files as archives in your hard drive for later use and you can grab this amazing tool from here

In order to use this program, first you must make sure you’ve already installed .NET 2 Framework on your system or you can download it directly from Microsoft site. But if you already has .NET 2 Framework installed you can just simply run it

The first time you use this program, it’ll say that you’ll need to get an UL (Update Lists) first .. so get the appropiate update lists for your system first from the author page, as for the next step .. well .. you just simply choose which update files to download .. that’s it

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | One comment

0x87485B96 | Tags : Computer Security, Freeware, Software, Windows

To those who likes to integrate various windows update files into their own Windows XP SP2 CD (like me for an example) so you wont have to install previous windows update files when you’re installing a fresh install of Windows XP can download the latest version of RyanVM’s XP SP2 Post-Update Pack version 2.1.7 (16 February 2007) and of course this is the best package you can get out there that contains many windows update files, although the file size is quite large 44.3 MB (at least for me)

Or to those who prefer a more light version that contains only high priority windows updates, you can try XUDPack (Xables Light Post XP-SP2 Update Pack) and the latest version of XUDPack you can get right now is version 2.0.6 (14 February 2007) and of course because XUDPack only contains high priority updates it's filesize is only 29.5 MB

As for the steps to integrate it, you can choose whether you want to use nLite to slipstream the package of your choice into your Windows XP SP2 files or you can choose the RyanVM Integrator

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Computer Security, Freeware, Software, Windows

I read about this yesterday on BugTraq and within just one day i read another interesting news from Symantec (i found it via techmeme) regarding this new xss issue with pdf files

And what makes this interesting, because this problem only occur at Mozilla Firefox browser (with Adobe Reader 7 and below), and Internet Explorer 6 and 7 isn't affected by this vulnerability issue as noted by Symantec :

This problem appears to be limited to the Firefox browser, which has a relatively large user base.

Although some other people are getting different results (look at the comments), and if it's for me .. i already tried this with Firefox 2.0.0.1 installed on Windows XP SP1 .. and i don't find any problem with it .. and that’s because i already disabled the PDF / Adobe Reader Plugin for Firefox browser since a long time ago because of another reason (actually i don't really like opening files directly from the web especially PDF because it can cause a big slowdown to my system)

As a note, if you’re using Firefox you might try reading the Symantec weblog about this issue to find the quick fix for this problem

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Browsers, Computer Security, Firefox, Hacking, Internet, Mozilla, Network and Security

Wow .. i just got back .. and i read a very interesting news about the recent wordpress html injection vulnerability issue that is exists on several .. um .. almost all versions of wordpress below 2.0.6 (well i dont know anything about the 1.x series of wordpress because i never use it before)

Fortunately there is already a fix for this problem and you can do it by applying the latest patch from Wordpress Trac into the templates.php file in your wp-admin directory

As as a note, if you want to see a proof of concept regarding this wordpress issue, you can go to David Kierznowski homepage and see it by yourself

And yet another note, Wordpress 2.0.6 RC2 has been released (from the WP-Testers Mailing Lists) and this new release candidate already include a fix for this problem

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 5 comments

0x87485B96 | Tags : Computer Security, Freeware, Network and Security, Open Source, PHP, Software, Wordpress

Even the most favorite browser for geek (well at least only some people know about it judging by the number of Internet Explorer users that is still high) known as Mozilla Firefox .. has some vulnerability issue .. and surprisingly this bug exists on the new Firefox 2 release …and just in case you want some proof about this .. then try opening this page and you’ll see Firefox 2 crashed .. the only solution for this :

• Use NoScript Extension
• Disable Javascript Completely on Firefox 2

Yep that’s all … by the way i just tested it with / without javascript enabled and the result is :

• If you enabled Javascript in Firefox with / without additional extension .. you’ll see firefox crashed
• If you disable Javascript .. then you can see the page without problem :D

And just in case you want to run it on your own computer without loading that page first .. here’s the script (copied from that page) :

<script type="text/javascript">
function do_crash()
{
var range;

range = document.createRange();
range.selectNode(document.firstChild);
range.createContextualFragment('<span></span>');
}
</script>

 Related Link :

• Firefox createRange Crash (Exploit)
• Firefox 2 Death

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 2 comments

0x87485B96 | Tags : Browsers, Computer Security, Firefox, Guide, Journal, Mozilla, Tutorials

Google just released Google Codesearch to public recently, and just like it’s main search engine … this new feature from Google can be used by malicious users to get sensitive data. For example, database password including it’s username, looking at the source code of malicious program, etc. And that’s all happening because most users always put their compressed backup file in the public directory that can be read by everyone including Google Codesearch and in this case is the public html directory of your server.

Fortunately Google always obey the robots.txt structure, unlike some major search engine. So the only solution to the Google Codesearch is by blocking access to that directory by using robots.txt, but because everyone can see your robots.txt file then it can cause problem too if the malicious users can see that directory. And the only solution i can think of to avoid this :

• Create a robots.txt to block bot access the important directory and create another subdirectory under the important directory but do not put the subdirectory name in your robots.txt file because it can be seen by the malicious users, for example /public_html/important_directory/the_subdirectory
• Create a .htaccess file to block everything including yourself to the important directory (don’t try this if you do not have access to FTP / File Manager)
• and don’t forget to Disallow Directory listing, you can do it easily by using .htaccess

Although there’s alot of possible solution, the best thing to do is never put your very sensitive data in your public_html directory of your server (unless your server got totally hacked or there’s another exploit) especially your backup file which most not tech savvy users did. Anyway let’s just hope that Google Codesearch get fixed / modified and they’ll automatically filter some important stuff like that.

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 2 comments

0x87485B96 | Tags : Computer Security, Google, Guide, Internet, Privacy, Tutorials

I just uploaded the latest PCMAV Antivirus 1.0 RC 8, and just like the previous PCMAV release, this release contain several bugfixes and an update to the PCMAV Antivirus engine itself so it can detect and clean more virus from your computer. A more detailed list on what virus can be removed using the free antivirus can be read on the readme file. And here’s a list of new virus that can be detected by PCMAV Antivirus 1.0 RC 8 :

• Aksika.msg-2
• Alisa.D
• Babat-B.C
• Brontok-1.B
• Brontok-1.C
• Brontok-8
• Brontok-12.G
• Brontok-Sensasi.F
• Buggie
• FluBurung
• FluBurung.msg
• Leena
• Moonlight-B.E
• PatahHati.msg
• Peta
• Riyani
• SomeFool.b64
• SomeFool.dll
• SomeFool.zip1
• SomeFool.zip2
• SomeFool.zip3
• SomeFool.zipped
• TamiFlu
• Toy
• Trojan.Dialer
• Tsunami.B
• Tsunami.C
• Unmul.B

As for the rest you can read it directly in the readme file ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Computer Security, Freeware, Security Tools, Software, Windows

Yesterday i just read about the recent security flaw in mod_rewrite modules in Apache HTTP Server that can make the web server process crash or allow arbitrary code execution by a malicious user. And here’s the announcement from the Apache HTTP Security team :

CVE-2006-3747: An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.

Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team.

This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics:

• The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1)
• The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE).

Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally.

So in the other words, every users should update their Apache installation immediately, especially for those who’s already using a blogging platform like Wordpress, because if you want to use the Permalink feature, you’ll have to use mod_rewrite function and the Wordpress installation included that by default (except it doesn't have write access to the .htaccess file) but if you’re using your own computer as a server, then you should apply this update immediately

And here’s a link if you want to get more information about this issue :

• Apache HTTP Server 1.3.37 Released
• US-CERT Vulnerability Note VU#395412
• Apache Official Website

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Apache, Computer Security, Journal, Network and Security, Web Servers

Another zero-day exploit has been found on Microsoft Office Application which affect Microsoft Powerpoint 2000, 2002 / XP, 2003. This exploit can install keyloggers, adware, malware or any other malicious program (depending on what the attacker wants) on your computer when the exploited powerpoint presentation executed by the victims

So far there hasnt been any patch from the Microsoft. But Microsoft announced that the patch will be ready on 8 August 2006 or sooner as warranted. So until Microsoft already released the patch, do not open any powerpoint attachment (if its an email messages), or any powerpoint attachment that came from untrusted sources to prevent infection and always update your antivirus program.

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Computer, Computer Security, Windows

This ISO-9660 CD image file contains the security updates for Windows released on Windows Update on July 11th, 2006. It does not contain security updates for other Microsoft products. This CD image is intended for corporate administrators who manage large multinational organizations, who need to download multiple individual language versions of each security update, and who do not use an automated solution such as WSUS. Use this image to download multiple updates in all languages at the same time.

Download details: July 2006 Security Releases Bulk Update.

Here’s another collection for you guys who like to update your windows system to the latest security update available ;) without using Windows Update site first

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Computer Security, Freeware, Security Tools, Windows

Here’s some tips from me on how to prevent spyware from infecting your windows pc, and tips on how to remove most malware 

• Do not download files from unknown source especially if the file types are executable files and if you choose to download the files try scanning it first using your Antivirus program (most Antivirus nowadays can scan spyware too ) … for example i was using NOD32 and Kaspersky Antivirus 6 to scan all downloaded files and they can found most of spyware threat in an instant inside the software (including compressed setup files)
• Try not using Internet Explorer browser no matter what you do because there’s lot of vulnerability on Internet Explorer that can be exploited, and if you’re using Firefox on Windows try installing the NoScript Extension (future/known threat can be avoided by using this small extension for firefox) since most exploit use Javascript, and Java which is executed by the browsers. As a note i only use Opera to open trusted site only because it lacks of extension
• Always update your windows, but if you’re using a quota based internet like me. You should download Critical Update only to save the internet quota by searching from microsoft technet site (if you’re not using windows update) … for example to protect you from the Popular WMF Exploit (im not going into much detail here
• Don’t forget to set your Firefox to automatically remove private data such as cookies, etc to minimize risk from tracking cookies everytime you close the firefox browser’s window (you can do this by going into Options – Privacy – Settings), as an alternative way you can install the CookieSafe extension for Firefox (it acts like noscript extension but don’t forget after installing it, you must set it to Disable Cookies Globally *the default setting to allow cookies globally* and only allow trusted site to put cookies into your browser, for example yahoo, microsoft, etc)
• Pay attention when installing new software especially when there’s an option to install new toolbar for Browsers, etc. Always choose to NOT install it no matter what
• Download hosts file from MVPS Site and extract the hosts file to Windows Directory/System32/Drivers/etc (if you didnt customize the hosts file then choose to overwrite it) and dont forget to set the Hosts file attribut into System and Read Only. You can do this by typing this in command prompt / run

attrib +A +S +H +R "C:\Windows\System32\Drivers\etc\hosts"

Note: if your windows installation is on different drive then adjust it accordingly

• If your system already infected try downloading Spybot Search n’ Destroy or Ad-Aware to remove the spyware from your system (don’t forget to update it first before using it)
• Before downloading and installing new anti spyware software / products try checking the SpywareWarrior site, just in case its a Rogue/Suspect/False Anti Spyware (since most of windows users like to download new anti spyware software before validating it)
• Download task manager replacement software, since most malware block access to task manager (there’s alot on the internet so you can find one easily) … for example Process Manager from SysInternals
• Download this file and extract it into directory of your choice, right click on the .inf file and choose to install it (it’ll fix most registry errors caused by malware for example missing Folder Views, etc) …

Note : All credits to that file belong to the original owner, but since i collect them from various site and combine them all, i cant remember the site name

Hopefully i’ve put all the necessary information in here, if i missed anything feel free to contact me or post a comment here

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Browsers, Computer Security, Internet, Network and Security, Privacy, Tutorials, Windows

I’ve been using this content filtering proxy software for several months in conjunction with squid proxy and this free software greatly improves my browsing experience, since a lot of web banners, tracker, useless javascript, etc

has been filtered so i only view the real web pages without any adverts, tracker that disturb my browsing experience. Although there’s still a few bugs left in this content filtering software especially if you’re using this software with Mozilla Firefox 1.5.0.4 , this software deserves a try.
 
Here’s a what webcleaner can do :

• Remove unwanted HTML (adverts, flash, etc.)
• Popup blocker
• Disable animated GIFs
• Filter images by size, remove banner adverts
• Compress documents on-the-fly (with gzip)
• Reduce images to low-bandwidth JPEGs
• Remove/add/modify arbitrary HTTP headers
• Configurable over web interface
• Usage of SquidGuard blacklists
• Antivirus filter module
• Detection and correction of known HTML security flaws
• Basic, Digest and (untested) NTLM proxy authentication support
• Per-host access control
• HTTP/1.1 support (persistent connections, pipelining)
• HTTPS support (both forwarding and filtering)

But the most usefull features of this software is the Javascript filtering feature and removing IFrame tag from a website. Because alot of website banner/ads are put into IFrame tag, and there are a few site which is using javascript to display their ads (like sourceforge for example) or just to filter nasty javascript/html from webpages. So try it today

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Computer, Computer Security, Freeware, Internet Tools, Linux, Open Source, Privacy, Security Tools, Software, Windows

CCleaner is a freeware system optimization and privacy tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. But the best part is that it’s fast (normally taking less that a second to run) and contains NO Spyware or Adware! :)
CCleaner.com

This freeware (donationware actually). Is the best tools to clean up your PC from unused files such as internet history, internet browser cache from Internet Explorer, Mozilla Firefox and Opera, unused registry entries, and alot of unused application history in order to protect your privacy (if you were using a shared computer).

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Computer Security, Freeware, Privacy, Security Tools, Shareware, Software

Which security product stops the most zero-day threats?

When new viruses, worms and other malicious attacks strike, traditional signature-based technology is insufficient. Every minute you wait for an update is another minute that your comptuer and network are vulnerable to damage, infection, or identity theft. ThreatSense Heuristics closes the window of vulnerability by safely identifying and stopping malware as it runs on your computer.

NOD32 has consistently been rated as the best protection against zero-day outbreaks and attacks by the world’s leading antivirus testing organizations.

• www.av-comparatives.org is an Austrian research lab that performs retrospective tests.
• www.virustotal.com produces a newsletter listing vendors that detect outbreaks as they occur.

Proactive Antivirus - Heuristics and Signatures protection with The NOD32 Antivirus System

This shareware definitely one of the best antivirus out there that gives maximum protection for your computer security. I’ve tested this antivirus for an already known virus without using the latest update (which is virus definition from Januari 2006) and by using its advanced heuristic engine the virus can still be detected as an unknown virus.

This antivirus also gives an excellent scanning speed not even the Kaspersky Scanning Engine could beat the speed of NOD32 scanning engine.
 
Unfortunately this antivirus doesnt have a ProActive Defense feature like on Kaspersky Antivirus 6 which is quite usefull, because it can protect you from an unknown threat which works by Hooking itself into another process, or when other program trying to set the itself to automatically run on windows startup. Despite lacks of that feature this Antivirus still worth buying. But to provides greater protection for your pc, you should combine this antivirus with a Kaspersky Antivirus. For example i was using NOD32 to scan all downloaded files while Kaspersky Pro Active Defense continuosly monitoring in the background to provides another security on my computer. By the way, you can use 2 antivirus on your computer as long as you don’t activate the realtime protection of both antivirus at once.

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | One comment

0x87485B96 | Tags : Computer Security, Security Tools, Shareware