Royal Scams

It's great news that the William and Kate have had a royal baby boy!

However, as with most high profile news stories, you need to be very cautious of scammers and fraudsters using the good news as a means for distributing malware and committing fraud.  

Remember if it sounds too good to be true, then it probably is! 

If someone's sending you a link to a picture or something else then you need to keep a few things in mind:

1. Just because a link or email has come from a trusted friend, doesn't mean to say that its a safe email. Their account might have been hacked. 

2. If it's legitimate and nothing bad or malicious then it should be available elsewhere on the net - places like the BBC website keep up to date with all the news and gossip - try looking there 

3. Always be careful opening attachments. 

Who Has Visited My Facebook Page?

It's a constant re-occurring question as to finding out who has visited your Facebook page.

The only system that can keep track of this information is the Facebook page itself - plugins and apps are not able to perform this type of tracking and so if you find a third party system that claims to provide a LinkedIn style list, it should be considered to be bogus.  The intention could either be to get as many visitors (page hits) as possible or to do something nasty, such as gain control of your account. 

ISP Phone SCAM

It's a crime!

The dodgy folk are now trying a new variation on the previously mentioned Microsoft Scam.  

They've obviously realised that word has got round that nobody is trusting the "I'm speaking from Windows" speech and now they've replaced it with "I am from Technical support at your Internet Service Provider", they say something along the lines of "we have noticed on our servers that each time you switch your computer on, you are not getting full internet speed and this is because of a virus on your machine. " 

Vulnerability Research into CVE2012-1852

I'm currently working on a project for my Msc in Computer Security to investigate CVE2012-1852, which is a vulnerability within Windows XP and the mechanism for discovering other computers located on the network.  It means that a Windows XP machine can be compromised just by opening a list of networked computers. 

Null Terminated String Copy

Research into a heap buffer overflow error in Windows XP version of NetApi32.dll reveals that the code is using a null terminated string copy.  The patched version of the same dll shows that the copy code has been replaced by a better function that checks the size of the destination buffer.

It's all about trust

Before the days of social networking, hackers and malicious types had to rely on email to distribute their evilness.  They'd send an email with an infected attachment of something that looks interesting that are designed to tempt you in opening the file.  Things like "Cat does handstand on top of dog's head", "Naked Man with big tennis balls at Wimbledon"  or "Cute girl on Channel 4 Countdown spells rude word" - most people caught onto the fact that a lot of these unsolicited emails will most likely contain a virus meaning that the trust in email attachments has been lost and therefore the possibilities of attack via email becomes much less.

Moving into the 21st century and the overwhelmingly popularity of social networking sites, such as facebook and twitter, the malicious hacker is provided a whole new and far more powerful means of infecting hundreds, thousands or even millions of people - the reason is TRUST.

Where Does It Go?

So you're enjoying spending some time on Twitter and catching up on the latest trending topic when someone you've never heard of before sends you a shortened link - Do you click it?

Google Poisoning

Google's Adwords Keyword finder says that the word "Google" has  a huge google search rate a month!

Another highly searched for term is "What is Google?"

Telephone Scam - Not Microsoft or Windows

If someone phones you up and says that they're from Microsoft or "Windows" and that there's a problem with your computer being infected by a virus,  just say "no thanks" and hang up.

Its not Microsoft or anything to do with Windows - they never phone people up at home out of the blue like this.

It's a scam!  

Some of the aims of the scam are:

• Gain access to your computer to install viruses and other bad programs to monitor everything you do
• Obtain banking information - credit card information
• Charge you a lot of money for supposidly fixing this problem that doesn't exist

What Is Internet Security?

Lots of people ask the same question:

What is Internet Security?

MS08-067 As used by Conficker and Stuxnet

How do Worms travel?

Strictly speaking, a computer virus doesn't spread across a network whereas a computer worm can travel from machine to machine. But how do worms move between machines?

A vulnerability with the catchy name of MS08-067 was used by Stuxnet and Conficker to worm themselves across Local Area Networks but how did it work?  I spent a reasonable amount of time reverse engineering the vulnerability to discover how it was exploited. 

Why do goldfish need Cookies?

What are cookies and why are they required?

Implications of using BitTorrent and other peer2peer software

Programs such as BitTorrent are popular for sharing and downloading files.

However, apart from the legalilty of sharing copyright material,  there are serious security concerns that whilst someone might be downloading the latest James Bond film, "adult entertainment" or Dr Who episode...  the P2P(Peer-2-Peer) software could also be used as an easy access tunnel into the user's computer.

Dangers of Open Wi-fi Hot Spots

Open and free Wi-Fi spots sound great - internet anywhere!  But what are the IT security dangers?

The Importance of Passwords

Imagine what the world would be like if all the keys and locks were the same?

It would mean that you wouldn't need to remember which key goes where - you just pick up one key and can use it to lock-up your own house, visit granny without waking her up, surprise a few friends by calling in unannounced and look after the neighbour's cat while their on holiday. But there is a problem!

Is email secure?

In one word “No” email is not secure!

If it is used to transmit personal details, especially things like bank account details - even to a trusted friend or organisation - it is comparable to posting the same details on the side of a bus with a message saying "FREE MONEY HERE!"