Thursday, November 11, 2010

Websense 2010 Threat Report - Key Findings Web Security

  • Websense Security Labs identified a 111.4% increase in the number of malicious websites from 2009 to 2010.
  • 79.9% of websites with malicious code were legitimate sites that have been compromised, an increase of 3% from the previous period.
  • Searching for breaking trends and current news represented a higher risk (22.4%) than searching for objectionable content (21.8%).
  • The United States was the top country hosting phishing sites in 2010.

http://www.websense.com/content/threat-report-2010-web-security.aspx

Saturday, July 03, 2010

the invisible bond vigilante and the confidence fairy.

Op-Ed Columnist - Myths of Austerity - NYTimes.com: "So the next time you hear serious-sounding people explaining the need for fiscal austerity, try to parse their argument. Almost surely, you’ll discover that what sounds like hardheaded realism actually rests on a foundation of fantasy, on the belief that invisible vigilantes will punish us if we’re bad and the confidence fairy will reward us if we’re good. And real-world policy — policy that will blight the lives of millions of working families — is being built on that foundation."

Thursday, July 01, 2010

Regular domains beat smut sites at hosting malware • The Register

"A study by free anti-virus firm Avast found 99 infected legitimate domains for every infected adult web site."

If you're not vigilant, there's a good chance your computer is not your computer anymore. Kudos to Deb Shinder and Win7News: http://www.win7news.net/archives


http://www.theregister.co.uk/2010/06/30/unsafe_surfing/

Tuesday, June 01, 2010

Researchers Beat Clickjacking Defenses of Top Websites - Security from eWeek

"Four researchers from Stanford and Carnegie Mellon outlined how frame busting, a protection meant to defeat clickjacking, can be circumvented on Twitter and other popular sites.

New research has found a common defense used by Websites to prevent clickjacking attacks can be broken.

Clickjacking uses malicious iframes to take control of a Web surfer’s clicks and hijack their Web session. The term clickjacking was first used in 2008 by WhiteHat Security CTO Jeremiah Grossman and Robert "RSnake" Hansen, CEO of SecTheory. In order to combat the attack, Websites instituted techniques known as frame busting, which prevent a site from running when it is loaded inside a frame.

According to researchers (PDF) from Stanford University and Carnegie Mellon University, frame-busting isn’t as effective at preventing clickjacking as hoped. An analysis of the Top 500 Websites ranked by Alexa found all of the frame busting implementations could be circumvented. Some of the circumventions were browser-specific, while others worked across all browsers, the researchers found."


http://www.eweek.com/c/a/Security/Researchers-Beat-Clickjacking-Defenses-of-Top-Websites-386944/?kc=EWKNLNAV05312010STR2

Friday, April 30, 2010

Monday, March 08, 2010

Is It Still Your Computer?

Software Patching Too Much Trouble For Most


The U.S. government is so flummoxed by the insecurity of computers that it has launched a contest to find someone who can create an effective way to educate people about computer security.

It's clear there's a problem. Recent legal action in Spain and in Virginia against the Mariposa botnet and the Waledac botnet, two of the ten largest botnets that controlled tens of millions of hijacked computers, offers a reminder of just how many compromised computers are out there. These aren't just personal computers either; many of the infected machines have been found in major corporations and banks.

While education can reduce the number of malware infections by helping users to understand that the joke in e-mail messages with subject lines like "LOL! Check this out!" is on the recipient, in the form of malware, the defensive value of timely patching shouldn't be overlooked.

The problem with patching, unfortunately, is that it's too much trouble for the average user. A research paper by Stefan Frei, research analyst director at Secunia, and Thomas Kristensen, CSO at Secunia, released earlier this week at the RSA Conference, finds that the complexity and frequency of patching software vulnerabilities tends to exceed what users are able and willing to invest.

According to Frei and Kristensen, 50% of users have software from more than 22 different vendors that are affected by at least 75 security advisories issued by Secunia every year.

"Thus, a typical end-user has the daunting task to administer his host approximately 75 times a year (or every 4.8 days), thereby handling approximately 22 different update mechanisms to keep his/her system secure," the paper states.
http://www.informationweek.com/news/software/app_optimization/showArticle.jhtml?articleID=223101713&cid=nl_IW_daily_2010-03-08_h

Daunting as the task may be, if you don't do the work your computer is a lot more likely to belong to a hacker than belong to you.

Of course, there's a good chance you'll never know it. Until your email account is cancelled for spamming or they arrest you for possessing kiddie porn. Even worse, your bank account might be zeroed, though it's more likely you'll be billed for things you never ordered. So do the work or you will be assimilated. You'll also wish they were the Borg.

Saturday, March 06, 2010

Security Tools Detection Assessment Malware Protection Update Management

Assess vulnerabilities and strengthen security with these tools and technologies.

“Security Update Management
Security Update Detection
Lockdown, Auditing, and Intrusion Detection and Remediation
Virus and Malware Protection and Removal”


http://technet.microsoft.com/en-us/security/cc297183.aspx

Wednesday, March 03, 2010

Free Service Keeps Your Web Site Healthy - Security Watch

"Wolfgang Kandek, CTO of Qualys, explained how the service works. After signing up at www.qualys.com/forms/trials/stopmalware a user can protect up to ten web sites. Every day Qualys's scanners will check each web site, crawl all of its pages, and report on any malware problems. 'We scan in two ways,' said Kandek. 'First we look at the page to see if any malware is present; that's static analysis. Then for dynamic analysis we actually load the page in a virtual machine running Internet Explorer 6 and monitor it to see what happens... We know what is normal behavior and what is abnormal. When we detect abnormal behavior that clearly represents malware we alert the owner'.

At present alerts come via e-mail, but Kandek indicated that Qualys would consider text, IM, voice, or other alert modes if there seemed to be strong interest among users. He also pointed out that this is a research activity for Qualys. The more web sites they monitor the more malware they'll detect and the more information they can share with other companies.

Users who outgrow QualysGuard can move up to the full non-free Qualys Go SECURE service. This service checks for malware, of course, but also scans for network vulnerabilities, verifies all web applications, verifies site certificates and more. Qualys hopes, naturally, that widespread use of the free service will feed satisfied users into the paid service."

http://blogs.pcmag.com/securitywatch/2010/03/free_service_keeps_your_web_si.php

Friday, February 19, 2010

Computer Graphics World - Don’t Destroy Those Pixels! Five Non-Destructive Photoshop Techniques

By Stephen Farnow

Your pixels never did anything to hurt you, did they? You, on the other hand, are likely roughing them up every time you enhance an image. Directly adjusting color, contrast, or focus, all staples of image digital enhancement, physically alters your original data (i.e. munches your pixels). Now you may not really care all that much about your pixels but you will when you realize you’d like a “do over” and they shrug and say “so sorry.” Fortunately, Photoshop has a whole host of techniques that fall under the category of nondestructive editing or NDE. They allow you to make all the changes you want without ever touching your original data, and you can go back and do touch ups later.

These are things Photoshop users need to know.

http://www.cgw.com/Press-Center/Web-Exclusives/2010/Don-t-Destroy-Those-Pixels-Five-Non-Destructive-.aspx

Thursday, February 18, 2010

InformIT: Build Bootable Recovery and Repair UFDs with WinPE 3.0 for Windows 7 > Windows Automated Installation Kit for Windows 7 (WAIK)

In "Windows-speak," WinPE is shorthand for the Windows Preinstallation Environment, a favorite tool for system administrators, particularly those who must build and deploy Windows installations in bulk.

But it's not just a professional tool for volume Windows work: WinPE is also quite useful as a toolkit for building bootable Windows images that can be installed and run from a USB Flash drive (aka UFD).

In fact, Microsoft defines WinPE as "a minimal operating system designed to prepare a computer for Windows installation." WinPE is what you run when you boot from a Windows Vista or a Windows 7 install CD (or other installable image) and also supports the Windows Repair Environment (sometimes abbreviated as WinRE) that you can run from such media as well.

You can run the Windows Repair Environment to perform basic repairs on your primary system disk. With more tinkering—and more scripts, device drivers, and programs added to your WinPE image—there's no limit to the things you can use WinPE to do.

A basic WinPE image for Windows 7 requires under 1 GB of storage space; 4 GB is big enough for even fairly complex, well-populated WinPE images.

If you really want to get fancy, check out the WinBuilder project at http://www.boot-land.net. They have active WinPE projects for XP, Vista, and Windows 7, and can do amazing things with this technology. See the Resources section for some useful pointers to Windows 7–related projects.

Microsoft Windows Client TechCenter:

http://www.informit.com/articles/article.aspx?p=1561903&ns=16949

Wednesday, February 17, 2010

Using Twitter and Facebook to Find Design Jobs | Notes on Design

Using Twitter and Facebook to Find Design Jobs Notes on Design by Scott Chappell

Another useful tool from Sessions School of Design. http://www.sessions.edu/

http://www.notesondesign.net/resources/using-twitter-and-facebook-to-find-design-jobs/

Using LinkedIn Company Search to Find Design Clients | Notes on Design

“Ok, so now you can search on LinkedIn for companies and industries globally or in your part of the world. But why?

What you are doing is building your database of prospective clients, the ones you should mail with your profile and follow-up with a call if feasible. And many companies list a remarkable level of detail that you won’t find on their website — AND don’t forget that you would never have found their website anyway because LinkedIn is why you even know the company exists.

LinkedIn company profiles often list the principals and management names and links to their LinkedIn profiles. If you see a company that you think is a fit for your design skills then look at the management listed on the company’s linked-in profile.” Author: Scott Chappell

Notes on Design is a free online resource from Sessions.edu

http://www.notesondesign.net/inspiration/design/using-linkedin-to-get-design-jobs/

http://www.notesondesign.net/inspiration/design/using-linkedin-company-search-to-find-design-clients/

Friday, February 12, 2010

23 Must-Have Chrome Extensions for Web Professionals - Website Magazine - Website Magazine

Don't miss these tools! You could spend a lot of time hunting for them instead of designing.

http://www.websitemagazine.com/content/blogs/posts/archive/2010/02/12/23-must-have-chrome-extensions-for-web-professionals.aspx

Tracking down those XP crashes: Could the cause be malware? | Ed Bott’s Microsoft Report | ZDNet.com

"One of Microsoft’s “Patch Tuesday” security fixes is triggering a widespread “Blue Screen of Death” problem. The cause is not the update itself, but an existing infection. So far, reports suggest that this problem affects Windows XP and Windows Vista.

[…]

I have found that the root cause is an infection of %System32\drivers\atapi.sys, and that replacing this file with a clean version will get the system booting normally." Ed Bott

For those who don’t know Windows kernel drivers, Atapi.sys provides access to the system hard drive. If it’s damaged or if it doesn’t match the hardware in your system, the result will be a STOP error, which displays 0x0000007B INACCESSIBLE_BOOT_DEVICE (or a similar error code) on a blue screen.

The MS10-015 update does not replace the Atapi.sys driver, but it does replace a bunch of kernel files that interact with that driver (the full list is in the KB article, under the File Information heading), so it’s not unexpected that these changes would cause problems on systems that were already infected.

I found an unrelated report with similar details in a thread at bleepingcomputer.com, where a user reported experiencing this issue and provided diagnostic reports showing infections by several rootkits and Trojan-horse programs (Rootkit.Win32.Agent and Backdoor.Tidserv, also known as TDDS), as well as the Koobface worm. One detail that caught my eye in that thread was the name of that Tidserv nasty, which is known to replace Atapi.sys with an infected version. (See this search for a sample of reports.)

http://blogs.zdnet.com/Bott/?p=1764&tag=nl.e589