mysecurepc.com blog

Cisco announced that 77 of its routers are open to drive-by pharming. What this means is that if a bad link is clicked on, a JavaScript program is launched and, using the default router password, logs in to the router and redirects it to nefarious sites.

Fortunately the fix is easy: change the router’s default password to something that is hard to guess. Do not use passwords like ‘admin’ or leave it blank. These are too easy to guess. If there is doubt, creating a strong password is easy to do. The password change should be done regardless of what router you have.
Doug

There is a vulnerability in Acrobat Reader 7 that can expose the user’s hard drive to hackers. The flaw was identified by the Chaos Computer Club in Germany. Internet Explorer and Firefox are both susceptible to this problem. It is highly advised to upgrade to Acrobat Reader 8 as soon as possible.

Doug

This was on the news in Las Vegas the other day but is prevalent around the country. The ruse is this: a crook copies down pertinent information off gift cards, usually hanging next to the checkout line. Then the crook periodically calls to see if it has been activated. If so, then it is off to a spending spree.

One of the best ways to avoid this, other than not using gift cards, is to buy one that is behind a counter…of course the attendant may not be on the level but that is another story.

Doug

The trend these days is for companies, such as antivirus or web hosting ones, to encourage you to sign up for automatic renewal by using your credit card. They claim it is for the good of the customer so his antivirus updates do not expire or their domains do not lapse.

I do not like automatic renewal. Period. I keep track of these end dates and also get notified by email when the product expires. Too many stories exist about how hard it is to end automatic renewal with a company, regardless of their reputation. So I say no to these offers.

Doug

Many people buy their computer hardware, such as wireless equipment or routers, from discount stores. I use to do this until I found out that much of the hardware is out of date. And the only way to know it is out of date is to research the product for the latest version and open the box you intend to buy and check the version.

For example, I bought a router with a version of 1.1. When I went to update the firmware, I found the latest hardware version was 3. Yeow! After comparing the versions, v1.1 was missing a few important security features that v3 had. Lesson learned.

Doug

Since a PDF file can execute Javascript it is vunerable to malicious use. It has been shown that (as of 9/19/2006) that a fully patched Adobe product will execute malicious Javascript when the infected PDF file is open. There has been no reports of an actual virus but conceptually it is possible. Adobe is investigating the issue.

Doug

AOL has released a security monitor that rates a computer’s security defense. It chooses a number between 1 and 100 to rate your system. It analyzes your firewall, antivirus program, antispyware program, wireless security and several other indicators then rates it. Recommendations are provided on how to fix problems.
You can get it for free here.

Doug

Again and again. Ohio University had social security numbers and other private information stolen off its servers. Was the data encrypted? I doubt it since it was not mentioned in the article. 137,000 people were affected.
We here at mysecurepc.com have always advocated: no school, whether it’s kindergarten or a university, has any reason to have your social security number. None. I know several people who have gone to university classes without giving a social security number, myself included.

Doug

A rootkit is a set of software programs that are permanently undetectable on a computer. Generally, rootkits are used by viruses to store malicious software to use when instructed. Sometimes companies (recently a major music conglomerate) use a rootkit to keep legitimate software tools or files.
What is the problem with rootkits? Antivirus programs do not scan rootkits because they cannot find them, so even if a innocent rootkit exists, it could contain contaminated files or a virus can store its bad software inside. The solution is to make these files detectable. When a company releases a fix, this is what typically occurs.