Prepare for Corporate Layoffs


As I've been using Firefox for years to test newly developed web pages for compatibility and as a complementary browser, I also installed the latest alpha version, and it's functioning and performing well so far. Developers who install this test version should use the "clean install" approach, where Firefox is completely removed, including the settings found in user profiles managed in the Documents and Settings area.

Firefox 3.1 alpha version - Available for IT professionals
http://www.mozilla.org/projects/shiretoko/
http://www.mozilla.org/projects/firefox/3.1a1/releasenotes/
http://developer.mozilla.org/en/docs/Firefox_3.1_for_developers

Shiretoko Alpha 1 is an early developer milestone for the next version of Firefox that is being built on top of Mozilla's Gecko 1.9.1 layout engine. Shiretoko Alpha 1 is being made available for testing purposes only, and is intended for web application developers and our testing community. Current users of Mozilla Firefox should not use Shiretoko Alpha 1.

Shiretoko / Gecko 1.9.1 Alpha 1 introduces several new features:

Download site (for IT developers only)
http://www.mozilla.org/projects/firefox/3.1a1/releasenotes/#download


Security sites are warning users to be careful when updating or obtaining the Adobe Flash Player browser plug-in. Malware writers are using get_flash_update.exe at hostile websites as one approach to trick folks. Flash Player and its associated security updates must only be installed from Adobe's official website.

Adobe Flash - Beware of fake downloads circulating
http://blogs.zdnet.com/security/?p=1648
http://blogs.zdnet.com/security/?p=1615
http://blogs.zdnet.com/security/?p=1640
http://isc.sans.org/diary.html?storyid=4828
http://www.virustotal.com/analisis/258fbdfb7eb6ecfedbf236533b03c945

QUOTE: Amidst confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware, Adobe has issued a call-to-arms for users to validate installers before downloading software updates.

Adobe Bulletin - Importance of Verifying installers
http://blogs.adobe.com/psirt/2008/08/verifying_installers.html

QUOTE: We have seen coverage from the security community of a worm on popular social networking sites that is using social engineering lures to get users to install a piece of malware. According to the reports, the worm posts comments on these sites that include links to a fake site. If the link is followed, users are told they need to update their Flash Player. The installer, posted on a malicious site, of course installs malware instead of Flash Player.

Adobe Flash can be downloaded from the official site. One change I'd like to see there is to not bundle the Google Toolbar as a pre-checked option.

Adobe's official download site
WARNING: Be sure to uncheck the Google Toolbar option if this additional download is not desired
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash


Users need to be cautious with email and when visiting websites:

Olympic 2008 Games - New Phishing sites emerge
http://blog.trendmicro.com/phishers-play-the-olympics/

QUOTE: Olympic tickets anyone? They are available in the Internet of course, but users beware: the bad guys are still working hard to steal from online users as the 2008 Beijing Olympic approaches.

Trend Micro Senior Advance Threats Researcher Paul Ferguson discovered a fake Beijing Olympics Web site supposedly selling tickets. The Los Angeles Times reports that Olympics officials have already asked federal courts to shut down certain Web sites that pose as sellers of tickets but actually are stealing credit card numbers and other confidential information.

There are already hundreds of victims who lost large amounts of money to this site according to a report by the Los Angeles Times.

Aug-27-2008

Securing A Network - Lessons Learned

Posted by Corporate Layoffs under Help Wanted, Loss your Job, Your Fired

The Internet Storm Center continues to provide an excellent resource for the latest breaking news as well as security best practices and techniques. This latest post is worth highlighting as it shares 5 lessons learned in managing a network. While the post is more oriented towards an ISP setting, the same concerns are also present in a corporate environment.

Securing A Network - Lessons Learned
http://isc.sans.org/diary.html?storyid=4822

SUMMARY OF FINDINGS SHARED IN ISC BLOG

Lesson 1 – Your logs and log reports can be your most valuable tool and can give you an advance warning of mail server abuse. We have a lot of servers and many of them are email servers. I monitor the log files daily to look for any obvious problems.

Lesson 2 – Customer computers without anti-virus and/or firewall protection are a big target, not just for them but for their ISP as well. It absolutely amazed me how quickly a computer can go from compromised to abused and used.

Lesson 3 – A mail server, no matter how well protected, is in danger of being blacklisted. And once blacklisted it is really hard to get it off the list.

Lesson 4 – Many of our customers whose IP addresses have been identified with spamming have had 2 components in common.  They either had outdated anti-virus programs/or using free anti-virus programs and/or they were using programs to download music/movies from the Internet.

Lesson 5 – We have had a few instances where our small business customers had put up web servers or email servers.  They either had bad advice given to them or they used out of box solutions and their web servers/mail servers had been compromised.


The Storm Worm continues to try to infect folks by sending sensational news headlines with dangerous links in the body of the email message. Any URL link in an email is always something to be cautious with, as malicious URLs are easier to get through email filtering controls than infected attachments. Individuals should continue to be on the lookout for more social engineering schemes like this.

Storm Worm - The FBI does not have access to Facebook
http://www.f-secure.com/weblog/archives/00001475.html

QUOTE: Over the last few weeks we've seen a bunch of different Storm themes and we don't blog about all of them because it would get pretty repetitive after a while but it's interesting for us to follow them as the group behind them are sometimes very innovative and sometimes fall back on tried and tested themes.

The latest round which started today talks about FBI getting instant access to Facebook accounts.  The file itself is almost a non-event as it's detected by pretty much all vendors already but the theme is new. And we've seen them change themes a lot during the last month.

June 23 - Beijing earthquakes/disaster
July 3 - 4th of July
July 8 - US invasion of Iran
July 21 - New US currency, Amero
July 24 - Love and postcards
July 28 - FBI & Facebook

Aug-25-2008
