Security news and information

One of the BC moderators, TG1911, recently referred me to a new FireFox extension and Internet Explorer plugin that he wanted to add into our popular Freeware Replacements for Common Commercial Applications thread. This program, called KeyScrambler Personal, is an anti-keylogger application that can be used to encrypt data that you input into a browser.  It works by encrypting your keystrokes at the keyboard driver level and then decrypting them when they reach your browser.  As keyloggers attempt to read from the keyboard driver, they will now only be able to see the encrypted keystrokes.

The program comes in two versions, a Personal and a Pro version. The Personal version is free and will encrypt all logon input when logging into a site. The Pro version, on the other hand, costs $24.99 but will encrypt all input that you enter while using a site.

While using the Personal version when I visited a site that contained a logon form the browser would show a small popup that stated that my input was being protected by Key Scramber as shown in the image below.

As I input data into the login form, that same popup will show the encrypted data that the keylogger will see. 

In order to properly test this, I needed to install a keylogger and see if it worked.  I fired up Vmware and then installed KeyScrambler.  I then used the below test method using three different commercial keyloggers - Actual Spy, PC ACME Professional, and Keyboard Spectator Pro (KGB Spy) 3.30.  For this review I will go over my experiences when using Actual Spy.

First, I fired up FireFox, disabled Keyscrambler, and went to Hotmail to sign in with a fake account.  As you can see from the image below, Actual Spy did record the correct text I entered.  So now I know the keylogger is capturing my keystrokes and I can continue with my experiment.

I now went into the FireFox KeyScrambler extension properties and enabled it so it would protect my login data.  When visiting Hotmail again and entering the same fake login information, Actual Spy once again recorded the key strokes.  This time, though, the keystrokes were encrypted!

I now performed the same procedure using Internet Explorer where it worked just as well.  This entire procedure was tested again using the other two keyloggers.  They all produced the same results; KeyScrambler is encrypting the keystrokes before it gets to them.

For those who are looking for a free way to protect their login information from a keylogger, this seems like the perfect tool to use.  It’s easy to use, requires no work on your side other than the install, and works nicely.  I know I am now using it.

Tags: keyscrambler, firefox, internet explorer, keylogger, security

The latest in a long line of fake codecs was discovered today by Miekiemoes.  Instead of using names deriving from precious metals, as reported by Sunbelt, they now have moved on to body parts.  Introducing BrainCodec; the latest site ready to infect you with VirusBursters.

This is so new in fact, that though the BrainCodec has its own domain and its own braincodec.107.exe, they forgot to change the web site itself.  As you can see the web site is still showing the layout and image for Gold Codec.

What happened to Gold Codec then?  They reverted it back to a parked domain at our favorite malware registrar, and hoster, ESTDomains.

Information on Brain Codec is:

braincodec(dot).com
85.255.117.198

Domain Name: BRAINCODEC.COM

Registrant:
na
Alex Plawsky (alex@braincodec.com)
ul. Chłodna 51
Warszawa
null,00867
PL
Tel. +48.22528102

I can’t wait for toecodec to be released.

Tags: No Tags

Thomas Dullien, head of research for reverse-engineering tool maker Sabre Security, posted on his blog that a feature in Windows Vista will help to block the rash of client side exploits that have been targeting Microsoft Office.  This new feature called address space layout randomization, or ASLR, spreads data randomly through a process’s memory space.  Doing this makes it much harder for an attacker to pick the right memory address that it needs to target in order to exploit a known security risk.

Tags: No Tags

Businessweek.com has a new cover story titled The Soul Of A New Microsoft which  focuses on the new breed of leaders who are be paving the way for Microsoft to new branches of technology like the XBOX and Zune. The article predominantly focuses on the vice-president for design and development at its Entertainment & Devices unit, J Allard who was the team leader behind Zune.

lready, Allard and those like him are having an impact. They’re showing that strategies to move the company beyond Windows can emerge and be accepted by top brass as nonthreatening. A key moment came six years ago, when Allard insisted that the new Xbox video game console be developed without using Windows. In one meeting, Gates berated him for suggesting that the operating system wasn’t up to snuff. But Allard argued that it wasn’t specialized enough to handle video gaming. Gates eventually relented, in a decision that is widely seen today as a key to the console’s success.

The article is definitely an interesting read whether your into technology or business.

Tags: No Tags

Windows Vista comes with a new set of parental control features that allow you to set limits on an account’s web use, hours that they can use the computer, and games and programs they can run. Using these features a parent can control how a minor uses a computer.

The categories that can be enforced in parental control are:

• Web Filters - This category allow you to specify what sites a user can or cannot go to, whether they can download files, or if they are allowed to go to a site that matches a particular content.
• Time Limits - In this category you can specify the specific hours that a user can use a computer. If they attempt to logon during this time, they will be denied, and if they are currently logged on, will be logged off.
• Games - Here you can specify the game rating system that will be used, the highest rating of a game they can play, and choose specific games that they can or cannot play.
• Program Use - Specify the programs a user is allowed to run and is not allowed to run.

It is important to note that parental controls can only be assigned to Standard User accounts and not an administrator. You can see a video where we set the parental controls on a user and this video where we show these restrictions in place.

Tags: No Tags

The Microsoft Zune has received what could be the most critical and scathing review since its release.  In Andy Ihnatko’s review titled Avoid the loony Zune, Andy relates his horrible experiences during his week of playing with it.  The problems reported range from a horrible setup to lack of compatibility with Windows Media Player.

I personally do not own, or have tried, a Zune but if the reports from this article are true  then it does not sound like the iPod killer that Microsoft hopes it will be.  Some of the problems Andy ran into include:

• Horrible setup
• Lack of compatibility with Windows Media Player.  To me that doesn’t event make sense as it is Window’s flagship media program.
• Only the Zune software can sync with the Zune
• No support for podcasts.
• Having to purchase Zune points ($5 blocks) instead of just using real money to purchase a song for $0.99.

For more information please read the original article while I leave you with one of Andy’s comments:

“Avoid,” is my general message. The Zune is a square wheel, a product that’s so absurd and so obviously immune to success that it evokes something akin to a sense of pity.

Tags: No Tags

Are you a Windows Desktop Search user?  If so then you may be interested in learning the advanced queries that you can use to search for information on your computer.  This list contains all the various query terms and operators you can use in a search query.

The following tables describe the syntax to use with Windows Desktop Search, as well as the properties that can be queried for each category of file displayed in the Desktop Search results window.

You can restrict your query to specific locations, specific file types or properties within those types, or specific “file kinds.” File kinds refer to the categories displayed at the top of the Windows Desktop Search results window.

Tags: No Tags

A new command introduced in Windows Vista is the mklink command.  This command create a symbolic link between one directory/file and another directory/file.  As long as you are an administrator, you can use this command to make a link anywhere on your computer that points to another file or directory anywhere on your computer.

You may be wondering why this is useful.  Well I have folders stashed all over my hard drive that I use quite often.  My tutorials is nestled deep down in one folder, my images in another, videos over there and documents somewhere else.  To make my life easier, I can use mklink to create symbolic links to all of these folders in one location.  Now I have a folder that contains links to all my commonly used data. 

For example, if I had data scattered across my hard drive I could create a directory called C:\Work and then in a cmd prompt at the C:\Work folder issue these commands:

mklink /D docs d:\Word\Documents
mklink /D images d:\content\site\static\images
mklink /D videos d:\content\site\videos

Now I will have folders C:\Work\docs, C:\Work\images, and C:\Work\videos that are easily accessible and easy to type.

Tags: No Tags

In a previous blog entry I stated that Virtual PC does not have the ability to create multiple snapshots like Vmware does.  Since then I have been apprised that though this is true, there are two workarounds that can allow you to create multiple states or snapshots.

The first method is to simply backup the virtual machine folder and rename it.  Then if you need to restore to the state contained in the backup you can copy the contents of the backup into the normal virtual machine folder.  Though this will work, it’s time consuming and can take up a great deal of extra storage space on your hard drive fi you start backing up different snapshots of the same virtual machine.

Another method that I have learned is to use something called differencing disks. These disks are used to store any changes that are different from a parent disk.  This enables you to install a fresh install of an operating system which becomes the parent.  You can then make further virtual machines of the same OS containing a differencing disk and set to use the parent as the parent disk.  The differencing disks are used to store only changed data compared to the original parent install.  This keeps the differencing disks small and allows for multiple installation points.  Please visit this tutorial for more information and steps on doing this.

Though these methods do work, in my opinion they are still not as easy to use as Vmware’s snapshots.  On the other hand, if you do not want to fork over the cash, then these may be perfectly good solutions.

Tags: virtual pc, microsoft, virtual machines

If you have been following the blog entries here, you could tell that I am a big Virtual Machine user.  I use it when writing blog entries, creating tutorials, and analyzing malware.  My Virtual Machine software of choice is Vmware Workstation.  Last week someone on the BC IRC channels mentioned that I should give Virtual PC a try as it is free and a very good program.  I had tried it in the past, but never really got down and dirty with it, so decided to give it a workout.

Virtual PC Screen

Overall Virtual PC does the same thing as Vmware Workstation.  It provides the ability to run another operating system within your normal one.  This is great for a variety of activities as described above.  There are though some glaring differences that I will point out.  Let’s start with the positive aspects of Virtual PC.

1. It’s faster.  Whether it’s in my head, or not, when using Windows XP Pro under Virtual PC there is definitely a more snappy feel to its operation compared to Vmware.
2. It is easy to use.  Though Vmware is not rocket science, the wizard in Virtual PC makes it so even a novice user can set up a virtual machine.
3. I can resize the desktop simply by resizing the main Virtual PC window.
4. Terrific Windows virtual machine support.
5. Shared folders are much easier to use.
6. Free!

Unfortunately, for me at least, the negatives far outweigh the positives:

1. No multiple Snapshots! This is by far the biggest downfall of Virtual PC.  Snapshots are when you basically take a image of the current state of the Virtual Machine which you then have the ability to restore to at any point.  Vmware supports multiple snapshots so you can do a fresh install and make a snapshot and then make snapshots of other installation or testing milestones.  Virtual PC’s has the ability to only make one snapshot which makes the program almost non-functional for me.
2. No screen snapshot ability like Vmware has.
3. No ability to create a video of your virtual machine.
4. Inferior support for non-Windows virtual machines.

I personally can’t live without multiple snapshots.  Virtual PC not having that one feature was really the decision maker.  I use multiple snapshots a great deal and without them certain tasks become a complete nuisance. Unfortunately, from what I have read Virtual PC 2007 does not fix these issues but instead focuses on performance, which is always a good thing, and Vista compatibility.  Maybe multiple snapshots in 2010?

Tags: No Tags