Tag: Security

Turn off Windows Security alert pop ups

Turning off Automatic Updates can cause Windows Security Alert pop-up balloons to appear in the taskbar tray every time you log on.
1. Turning off Automatic Updates causes error balloons featuring a red shield. Windows XP allows you to suppress any warnings that relate to Automatic Updates. You can also do this in Vista but, unfortunately, the newer OS forces you to turn off all security alerts just to suppress the Automatic Updates warnings.
 
To eliminate the warning balloons about Automatic Updates in both XP and Vista, take these steps:
 
Step 1. Double-click the red shield icon in the taskbar, or open the Control Panel and launch the Security Center.
 
Step 2. In the left pane or box, click Change the way Security Center alerts me.
 
Step 3. In XP, uncheck Automatic Updates and click OK. In Vista, select the second or third option.

Personal Identity Provider

We recently picked up a Paypal security key to allow multi factor authentication on Paypal and Ebay. Wouldn’t be nice if a security like this worked with all two factor autenication sites? Well, the closest thing is something called Openid which is an open source solution that provides a digital identity.
 
Now the great thing is that Verisign is now supporting Openid. If you go to http://pip.verisignlabs.com and sign up for a free account you can then use the account on any site that uses Openid (which is growing fast) but the really great thing is that is this Verisign service allows you to link the Paypal security key. This means when you use an Openid site you can can also use your Paypal security key to provide addition security via a one way password that is generated by the Paypal security key.
 
Why is this so good? because now you only need one security dongle! If the Openid standard begins to catch on, which it looks like it will, then the standard web security option would be Openid and a Paypal security key. Wouldn’t that be cool?

The most vulnerable part of your PC may not be Windows

Recent surveys have shown that the greatest number of vulnerabilities that exist on user systems these days are related to all the add on programs that are installed.
 
Applications like iTunes, Flash and Acrobat to name but a few are rarely updated once they are installed yet they continue to be used on a regular basis. The problem for most users is how do they keep up with all the updates that maybe required on their systems? Not easy.
 
Here at least is a web site that wil tell you what is not up to date :
 
 
Microsoft Windows Update is used to determine if your system is missing security updates from Microsoft.

The Secunia Software Inspector covers the most common/popular end user applications:
* Internet browsers
* Internet browser plugins
* Instant messaging clients
* Email clients
* Media players
* Operating systems

Trend Clients cannot update from the Security Server running on Windows Server 2003 Service Pack 2

 
Problem:

The Client Server Messaging Security for SMB (CSM) clients cannot update from the server, and the IIS logs show a 405 error.
Solution:
     

To resolve the issue, please do the following:
   

1.

Open the IIS Manager.

   

2.

Double-click Web Sites and then right-click the OfficeScan website.
   

3.

Click Properties and then go to the Home Directory tab.
   

4.

In the Execute permissions field, choose Scripts and Executables from the dropdown menu.
   

5.

For the options under Local path, select the following check boxes:
   
 

Read

 

Write

 

Log visits

 

Index this resource

   

6.

Click Apply.
   

7.

When the Inheritance window appears, click Select All > OK.
   

8.

Go to the Windows Services console and restart the following:
   
 

World Wide Web Publishing Service
 

Trend Micro Security Server Master Service
   

9.

Log on to the Security Dashboard.

Netgear router into modem mode

If you have a Netgear Dg834 you can put it into modem only mode via the following URL :
 
 
Assuming the modem is at IP 192.168.0.1. Now if you attempt to access this page and you get an error then what you will need to do is upgrade the router firmware to the latest version. Once that is installed and router rebooted you should be able to access this page.

Paypal two factor authentication

Did you know that Paypal has a two factor security available if you are a registered PayPal member? Yes, you can order a security key via :
 
 
It now means that when you use your Paypal (or Ebay) account you simply append the number displayed on the key (when you press it) to end of your paypal password to gain access. Next time you want access you again press the key and again append the number displayed to your password. So everytime you now Paypal account it will require a unqiue password! Now that makes it really secure.
 
The cost of the key is only AUD$7.50. So if you use Paypal (or Ebay) extensively and you want to ensure that your account has the highest level of security we think this new security key is cheap, real cheap.

Trend and WINVNC

All of sudden yesterday night we started receiving all these warnings that Trend CSM suit had detected multiple virus instances. The emails were flowing in from many sites we monitor every two minutes. Further investigation indicated that these warnings were being generated by WINVNC.EXE, which for those of you who don’t know is a free remote access tool.

Now it was simple enough to go an create the exceptions in each Trend CMS console to stop these notifications but the question was why did they happen? They didn’t happen on every site, even though other sites did have this software installed. Strange.

The issue has now apparently gone away so all we can deduce is that it had something to do with a recent virus definition update. As we said before, strange.