To all my friends, may I wish you a very holy happy Christmas.
May all your needs be met and your dreams come true over this
most Holy of seasons. Below is a link for you to find a gift.
Your friend Jeff.
http://www.pusher.com.au/clients/pusher-christmas-2011
Wednesday, December 5, 2012
Tuesday, November 20, 2012
Malware targetting Windows does damage in a novel way
Backdoor.Makadoc -- a trojan that has been floating in the wild for a while now, attacking Windows, and has recently been updated to target Windows 8 and Windows Server 2012 -- is a clever piece of malware. What makes this malware clever, you ask? Simply the way it goes about attacking your PC.
Actually, it isn't the attack-vector that is unique -- infections of Backdoor.Makadoc (and its variants) are spread through infected RTF and Word documents. Rather, what is novel about the malware is how it gets your data out of your PC, and how it communicates with malware's command and control servers.
You see any competent firewall will block outgoing connections of a suspicious process. However, most firewalls will not (and do not) block a connection made to Google Docs. As such, Backdoor.Makadocs utilizes Google Docs as the medium of communication between your infected PC and the command and control server. What happens is Makadocs uses the "viewer" functionality in Google Docs to transmit info back adn forth between your PC and the command and control server. Since Google Docs is typically a trusted source by firewalls and Google Docs encrypts all traffic, using this method not only helps the malware go around security measures of a firewall but also to help prevent the detection of the command and control server IP address/URL.
Google, of course, prevents the use of Google Docs for such purposes via its terms and conditions, and provides the ability in every Google Doc file to report abuse:
Using any Google product to conduct this kind of activity is a violation of our product policies. We investigate and take action when we become aware of abuse.
Still, however, there is no real automated way to prevent such attacks via Google Docs because, as TheNextWeb points out, these types of vulnerabilities make use of social engineering and not system exploits. In its official statement on this matter, Microsoft echos this idea of fallibility to social engineering:
Social engineering is an industry-wide issue and we are aware these types of problems occur. We are committed to helping consumers have a safe, secure and positive online experience. Our general guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update anti-virus software.
As I type this on a Google Doc, I'm hoping Google and Microsoft sort this out as soon as possible. For what it is worth, Backdoor.Makadocs is a known vulnerability (and not a zero-day attack) so any competent anti-virus should protect you against it.
dottech.org
Actually, it isn't the attack-vector that is unique -- infections of Backdoor.Makadoc (and its variants) are spread through infected RTF and Word documents. Rather, what is novel about the malware is how it gets your data out of your PC, and how it communicates with malware's command and control servers.
You see any competent firewall will block outgoing connections of a suspicious process. However, most firewalls will not (and do not) block a connection made to Google Docs. As such, Backdoor.Makadocs utilizes Google Docs as the medium of communication between your infected PC and the command and control server. What happens is Makadocs uses the "viewer" functionality in Google Docs to transmit info back adn forth between your PC and the command and control server. Since Google Docs is typically a trusted source by firewalls and Google Docs encrypts all traffic, using this method not only helps the malware go around security measures of a firewall but also to help prevent the detection of the command and control server IP address/URL.
Google, of course, prevents the use of Google Docs for such purposes via its terms and conditions, and provides the ability in every Google Doc file to report abuse:
Using any Google product to conduct this kind of activity is a violation of our product policies. We investigate and take action when we become aware of abuse.
Still, however, there is no real automated way to prevent such attacks via Google Docs because, as TheNextWeb points out, these types of vulnerabilities make use of social engineering and not system exploits. In its official statement on this matter, Microsoft echos this idea of fallibility to social engineering:
Social engineering is an industry-wide issue and we are aware these types of problems occur. We are committed to helping consumers have a safe, secure and positive online experience. Our general guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update anti-virus software.
As I type this on a Google Doc, I'm hoping Google and Microsoft sort this out as soon as possible. For what it is worth, Backdoor.Makadocs is a known vulnerability (and not a zero-day attack) so any competent anti-virus should protect you against it.
dottech.org
Sunday, November 18, 2012
Online Surveys Scams
SCAMwatch is warning people to beware of online scams – surveys, emails and social-media posts – offering fake gift vouchers or other bogus inducements in return for disclosing credit card and other personal information.
While many online surveys are legitimate and may be backed by some reward, the Australian Competition and Consumer Commission and Woolworths have received an increased number of complaints about possible scams misusing the Woolworths name and logo, going under such titles as ‘Customer Satisfaction Survey to get $50’.
Scams such as these often ask people to provide credit card or other personal details, which criminals can use to commit identity theft and other fraud.
Woolworths is advising people that all its official competitions are listed at www.woolworths.com.au on its Promotions and Competitions page.
How these scams work
These scams abuse the brand names and logos of well-known companies and products to make them look legitimate.
As with many legitimate offers and online posts, you might be asked to complete a survey and/ or pass on an offer to others before you can claim a voucher or other inducement or enter a competition. But the scams will take your valuable information and give you only disappointment in return – products will never arrive or vouchers will be fakes that retailers won’t honour.
Recent scams have related to supermarkets, coffee shops, smart phones and tablets, including offers featured on Facebook.
Protect yourself
Be very wary when, for example, filling in surveys linked from social networking sites – being asked to provide such detailed information as Medicare numbers or credit-card security codes should ring alarm bells.
You should check whenever you can whether offers are legitimate, even ones passed on from people you know. If the offers are represented as coming directly from a particular retailer, check they are listed on the retailers’ official websites – or call a business’ official customer-service line. Don’t click on links or call numbers listed in the offers – they can link to fake websites and even fake call centres.
If you think you have provided your account details to a scammer, contact your financial institution immediately and report the scam to The Australian Communications and Media Authority http://www.acma.gov.au/WEB/STANDARD/pc=CONTACT_COMPLAINTS_OVIEW
Thursday, November 1, 2012
Advanced-Tokens-Manager
Normally, you can use Windows 7 serial key during installation on the same machine for activating Windows but online activation have some limits. If you install Windows on your system many times due to reasons like virus threats, system files corruption, etc. then online activation is a great problem. 7Tokens Manager is a freeware tool which will back up the Windows 7 Retail, OEM and MAK licenses (your genuine license) and then restore it.
Features:
Backup’s RETAIL / OEM / MAK licenses
Backup Certificate / Serial / Tokens.dat
Backup license files
Dynamic interface
Very lightweight and fast
Programmed with security features
5 min is estimated time required to restore your activation
http://forums.mydigitallife.info/threads/27341-Advanced-Tokens-Manager-The-Activation-Backup-Solution
Tuesday, October 30, 2012
Advanced PDF Utilities Free
For Easy PDF Creation, Conversion & Distribution! 100% FREE!
Multi-purpose Free PDF Toolkit - Preview, Convert, Merge, Split, OCR, Scan...
PDF has been widely used for electronic documents in our daily life, either in work or personal file exchange. To expand your PDF abilities, Advanced PDF Utilities Free combines most
practical PDF functions to carry out a number of activities to preview, merge, split, remove password & restrictions and convert images to PDF, PDF to images, PDF to TXT or PDF to Word.
It also includes printer & scanner support to print out the PDF and scan the paper document to PDF. Additionally, the PDF OCR function allows you to change images and PDF into editable text.
http://www.pdfcore.com/
Monday, October 8, 2012
New malware ransomware locks your computer - asks for $200
Ransomware is a type of malware that locks your computers, encrypts your files, etc. to prevent you from accessing your data and asks for money if you want to regain access. In other words, your data is held ransom, hence the name ransomware.
A new ransomware is floating around the internet pretending to be from the United States government, claiming the target computer has been locked because the user either illegally downloading copyrighted content, software, or child pornography. The randsomware uses the well-known but extinct Stop Online Piracy Act (the act that was never made law) as cover, claiming your computer has been put on the 'S.O.P.A. Black List' and your computer is being locked by the 'Stop Online Piracy Automatic Protection System'.
In classic ransomware style, anyone affected by this ransomware is asked to make a payment of $200 within 72 hours (by purchasing a MoneyPak prepaid voucher) or else risk all their data being erased. Interestingly enough, people who don't have access to MoneyPak stores (aka everyone outside United States and Canada -- MoneyPak is a legitimate business who is unfortunately abused for these types of schemes), you can send a 200 euros through Western Union. I guess us North Americans get a discount since this is our law.
Aside from for money, the ransomware claims that users can be provided with one decrypted files as proof that the hackers can, and will, unlock your files after you pay. I wouldn't suggest taking them up on that offer -- who knows what they will e-mail you back as an attachment.
What makes this ransomware different than others is it tries to create an aura of legitimacy by pretending to the be the American government. Many people will probably think twice before giving into the demands of a ransomware attack if the attack is obvious ransomware. However, this ransomware makes it look like it is the United States government that is locking your computer, which is likely to persuade more people into giving in demands -- thanks to fear or otherwise. The media attention given to SOPA/PIPA earlier this year only magnifies this effect.
It isn't entirely clear how users are being infected by this particular ransomware but it does look like only Windows machines are being infected.
If you are infected, as with most competent ransomware, there really isn't any way to unlock your computer unless you know how to break the encryption (which likely isn't going to happen). It is recommended to not pay the thieves because there is no guarantee that they will actually unlock your files and they could very well simply target you again because they know you will pay. The best thing to do when infected is simply wipe your computer and restore your data from backups, assuming you have some. Once you are up and running, make sure to install the appropriate security measures -- including but not limited to a competent anti-virus -- and avoid shady files and websites.
Thursday, October 4, 2012
Computer cold call virus scam – scammers outsmarted!
Joint action between three international regulators has thwarted a massive global phone scam, with US authorities winning court orders to close down and freeze funds of imposters posing as Microsoft employees offering to fix PC viruses.
The Australian Communications and Media Authority (the ACMA), the US Federal Trade Commission and the Canadian Radio-television and Telecommunications Commission collaborated to share key intelligence about the operations of the Microsoft imposters.
This scam was one of the most commonly reported scams in 2011, with computer hacking scams contributing more than 23 per cent to the total scam reports to the ACCC.
SCAMwatch urges you to remain alert – this type of scam continues to do the rounds, with scammers impersonating other well known and trusted companies or government agencies to slip under your radar.
If you receive a call out of the blue from a stranger requesting access to your computer, money or your personal details, just hang up.
How these scams work
You receive a call out of the blue from someone claiming to be from (or have a relationship with) Windows or Microsoft and that they have detected a virus on your computer.
To confirm the diagnosis, the caller asks you to open Windows Event Viewer on your machine to check if it is infected. Several error messages are listed and this reinforces their claims, even though errors are common and usually harmless. The caller tells you that these are of significant concern and offers to refer you to a ‘technician’ who could fix the problem—for a fee.
At this point, you’re offered a number of solutions that seem to make perfect sense. Depending on the intent of the particular scammer involved, the ‘technician’ might:
Install an antivirus program on your computer—typically the kind that you can download for free from reputable companies—and charge up to $250 for the service.
Ask for your credit card details but install nothing. Your details might then be sold to other parties or used for fraudulent purposes.
Install malware on your computer—this enables your computer to be controlled remotely for other illegal and harmful activities.
Access and steal personal and financial details from your computer.
Follow-up scam
Scammers have also been known to make follow-up calls to people who initially fell victim to the scam. In these calls the scammer falsely claims to be from a foreign government, foreign law enforcement body, or from your bank, and offers to recover the money that you initially lost— in return for a fee.
Protect yourself
Suspect: Don’t accept anything at face value—if it sounds unlikely or too good to be true, it probably is.
Think: Recognise the signs—if you’re being pressured to act, disclose personal details or send money to a stranger, it’s almost certainly a scam. For example, Microsoft never makes unsolicited phone calls about its products.
Report: Act quickly—tell SCAMwatch and stop scammers in their tracks.
Ignore: Never respond. Just hang up, or delete the SMS or email after reporting.
Report
You can report scams to the ACCC via the SCAMwatch report a scam page [ https://www.scamwatch.gov.au/content/index.phtml/tag/reportascam ] or by calling 1300 795 995.
Saturday, July 7, 2012
Mozilla discontinuing Thunderbird
Mozilla discontinuing Thunderbird, calling it “not a priority for Mozilla”
Some say 13 is an unlucky number. For Mozilla Thunderbird, the organization's open-source email client, it certainly is: just over a month ago, version 13.0 was released, and now its rapid development has come to an end.
According to the Chair of the Mozilla Foundation Mitchell Baker, Mozilla will release one more major version on November 20th of this year, and then release just security updates for another year. He says that much of Mozilla, including the Thunderbird Team, have concluded "on-going stability is the most important thing, and that continued innovation in Thunderbird is not a priority for Mozilla’s product efforts".
He also explains that "most Thunderbird users seem happy with the basic email feature set" and most other email users are now using web-based interfaces such as Gmail and Hotmail. Are you a fervent Thunderbird user, or have you moved onto the wonderful wonderful world of webmail?
Monday, June 25, 2012
You have won a voucher !!!
Commonwealth of Australia site SCAMwatch is warning consumers not to respond to text messages which claim you have won a voucher, when in fact you are entering into an expensive mobile premium SMS service.
How this scams works
You may receive a text message from an unknown number congratulating you on winning a voucher from a competition you supposedly entered into. This scam uses (without authority) brand names and logos of well-known companies and products in order to make the prize look legitimate. The voucher is for a high dollar value, which makes it especially attractive. You will be provided with a code to enter into a website to claim your voucher. Once the code is entered the website link will redirect you to another website confirming your win. On the second website you will be requested to enter your mobile number. It has been reported that if you enter your number you may be subscribed to a mobile premium service (mps). Mps can be activated by typing your mobile phone number into a website resulting in you receiving an expensive phone bill you didn’t expect. Similar scams are perpetrated via email with links to online scam surveys.
Protect yourself
Never give your mobile phone details in response to an unsolicited SMS. Never enter your mobile phone number into a website unless you are certain that the website is genuine. Never enter details into a website which you visited by clicking on a link in an SMS. Never respond “Ok” or in the affirmative to SMS messages you receive out of the blue and have no knowledge of. Responding to these messages could subscribe you to further expensive competition and prize alerts. If in doubt about the authenticity of an SMS, always contact the business or service provider to verify that the request is genuine. Never rely on contact details provided in an SMS. Instead, find genuine contact details independently from an authentic source. Be very wary when filling in online surveys. Scammers commonly use these surveys to steal your valuable personal information.
Report
You can report scams to the ACCC via the report a scam page on SCAMwatch [ http://www.scamwatch.gov.au/content/index.phtml/tag/reportascam/ ] or by calling 1300 795 995.
More information
Visit the Australian Communication and Media Authority’s mobile premium services http://www.acma.gov.au/WEB/STANDARD/pc=PC_311207 – information for consumers web page.
Stay one step ahead of scammers, follow @SCAMwatch_gov on Twitter or visit http://twitter.com/#!/SCAMwatch_gov
JB Hi Fi have also issued a warning about this type of scam via their twitter account http://twitter.com/JBHiFi/statuses/215558178123956224
How this scams works
You may receive a text message from an unknown number congratulating you on winning a voucher from a competition you supposedly entered into. This scam uses (without authority) brand names and logos of well-known companies and products in order to make the prize look legitimate. The voucher is for a high dollar value, which makes it especially attractive. You will be provided with a code to enter into a website to claim your voucher. Once the code is entered the website link will redirect you to another website confirming your win. On the second website you will be requested to enter your mobile number. It has been reported that if you enter your number you may be subscribed to a mobile premium service (mps). Mps can be activated by typing your mobile phone number into a website resulting in you receiving an expensive phone bill you didn’t expect. Similar scams are perpetrated via email with links to online scam surveys.
Protect yourself
Never give your mobile phone details in response to an unsolicited SMS. Never enter your mobile phone number into a website unless you are certain that the website is genuine. Never enter details into a website which you visited by clicking on a link in an SMS. Never respond “Ok” or in the affirmative to SMS messages you receive out of the blue and have no knowledge of. Responding to these messages could subscribe you to further expensive competition and prize alerts. If in doubt about the authenticity of an SMS, always contact the business or service provider to verify that the request is genuine. Never rely on contact details provided in an SMS. Instead, find genuine contact details independently from an authentic source. Be very wary when filling in online surveys. Scammers commonly use these surveys to steal your valuable personal information.
Report
You can report scams to the ACCC via the report a scam page on SCAMwatch [ http://www.scamwatch.gov.au/content/index.phtml/tag/reportascam/ ] or by calling 1300 795 995.
More information
Visit the Australian Communication and Media Authority’s mobile premium services http://www.acma.gov.au/WEB/STANDARD/pc=PC_311207 – information for consumers web page.
Stay one step ahead of scammers, follow @SCAMwatch_gov on Twitter or visit http://twitter.com/#!/SCAMwatch_gov
JB Hi Fi have also issued a warning about this type of scam via their twitter account http://twitter.com/JBHiFi/statuses/215558178123956224
Thursday, April 12, 2012
Ninite
There are loads of small apps you have to install when you get a new PC, or reformat your old one, including your favorite browser, chat software, and various utilities. With Ninite, you can install them all in one click and save yourself hours of tedium.
Go to the Ninite website [ http://ninite.com/ ], choose your favorites by clicking checkboxes, and then download your own customized installer that places all those software picks on your new machine.
What to choose from this load of freebies? Might we suggest Dropbox, the easiest file synchronizer in the world? In addition to that, all the usual suspects are there, including Adobe Flash, Thunderbird, Firefox, Skype, Security Essentials and even iTunes. Out of 81 choices, there’s bound to be a few in there you’ll need. One click and you’re done.
By the way, Ninite’s install routine doesn’t surreptitiously add any of those pesky toolbars or any other junkware. Try it out — you’ll love it.
Go to the Ninite website [ http://ninite.com/ ], choose your favorites by clicking checkboxes, and then download your own customized installer that places all those software picks on your new machine.
What to choose from this load of freebies? Might we suggest Dropbox, the easiest file synchronizer in the world? In addition to that, all the usual suspects are there, including Adobe Flash, Thunderbird, Firefox, Skype, Security Essentials and even iTunes. Out of 81 choices, there’s bound to be a few in there you’ll need. One click and you’re done.
By the way, Ninite’s install routine doesn’t surreptitiously add any of those pesky toolbars or any other junkware. Try it out — you’ll love it.
Saturday, March 31, 2012
Use Ctrl+Shift+Esc instead of Alt+Ctrl+Del to quickly bring up Windows Task Manager
I first learned about the joys of Alt+Ctrl+Del while watching my otherwise computer illiterate dad restart a frozen Windows 98 desktop. Ever since then I have been relying on Alt+Ctrl+Del to bring up Windows Task Manager, which allows me to fix issues like frozen programs. However, Alt+Ctrl+Del for Windows Task Manager is a legacy shortcut. On newer computers, depending on what version of Windows you are using - e.g. Vista and Win7 - and/or the way you have Windows configured (e.g. multiple Windows users), Alt+Ctrl+Del doesn't directly bring up Windows Task Manager but rather brings up the Windows Security screen from where users can launch Task Manager.
If you don't mind having to go through an extra step to get Task Manager, then by all means continue to use Alt+Ctrl+Del. However, if you are an impatient little cretin like me, then the most efficient way from point A to point B is a straight line; or, in this case, a different keyboard shortcut.
Instead of using Alt+Ctrl+Del to access Windows Task Manager, press the Ctrl+Shift+Esc keys on your keyboard to directly access Windows Task Manager. Unlike Alt+Ctrl+Del, Ctrl+Shift+Esc does not bring up the Windows Security screen but rather directly opens Windows Task Manager. Pretty cool, huh? Now all we need to do is break old habits...
http://dottech.org/ask-dottechies/26385/ask-dottechies-favorite-windows-tips-or-tricks/comment-page-1/#comment-305086
Thursday, March 29, 2012
infected with DNSChanger?
Am I infected?
The Australian Communications and Media Authority (ACMA), CERT Australia http://www.dns-ok.gov.au and the Department of Broadband, Communications and the Digital Economy (DBCDE) have established a diagnostic website at dns-ok.gov.au that, in most cases, can be used to confirm whether your computer has been infected with DNSChanger. This website also provides links to tools, provided by anti-malware companies, that can be used to remove the infection and gives advice about the steps to follow to remove the infection.
The Australian Communications and Media Authority (ACMA), CERT Australia http://www.dns-ok.gov.au and the Department of Broadband, Communications and the Digital Economy (DBCDE) have established a diagnostic website at dns-ok.gov.au that, in most cases, can be used to confirm whether your computer has been infected with DNSChanger. This website also provides links to tools, provided by anti-malware companies, that can be used to remove the infection and gives advice about the steps to follow to remove the infection.
Wednesday, February 29, 2012
Avoid CNET Download.com’s ad-supported installer by using the Direct Download Link
Last year CNET started bundling an "ad-supported stub installer" with downloads on Download.com. This installer was CNET's way to bring Ask Toolbar-like crapware bundles to CNET downloads. The installer wasn't added to all downloads on Download.com but was added to enough downloads for people to take notice and come up in arms. Back then the only ways to avoid installing crapware courtesy CNET was to either
•Be very careful when downloading files from CNET, making sure to avoid installing crapware offered by the CNET installer;
•Create a CNET account, login to that account whenever downloading something, and using a direct download link;
•Or not using Download.com altogether.
While I'm sure many people opted for option number three, there are still times some people download from Download.com (sometimes we have no option except to use Download.com because some developers only put their files on Download.com). For those of us that still use Download.com, you will be relieved to know Download.com now clearly marks downloads that have the CNET ad-supported stub installer as "CNET Installer Enabled"; and Download.com now allows everyone to download via a Direct Download Link that bypasses the CNET installer -- you no longer need a CNET account for a direct download. So the next time you venture to Download.com, keep your eyes open for a direct download link when downloading software that come with CNET installer.
Stay safe everyone.
Sunday, February 5, 2012
calibre 0.8.35
Is your e-book collection is a disorganised mess of different formats and competing viewers? It doesn't have to be that way. Calibre is an e-book management tool that will quickly bring order to the situation, and help you get more from the format, and (if you have one) your portable e-book reader.
The process starts by letting the program organise your e-books library. Point calibre at your files and it'll quickly (and almost automatically) build a database around your collection, downloading metadata like covers for extra visual appeal. You can then sort and search your books by title, author, date published, rating, custom tags and more, making it quick and easy to find whatever you need.
Calibre can then display your book, too (as long as it's not DRM-protected), with an integrated viewer that handles all the main formats and supports features like table of contents, CSS, printing, searching, embedded fonts and more.
http://downloads.pcauthority.com.au/article/4386-calibre
The process starts by letting the program organise your e-books library. Point calibre at your files and it'll quickly (and almost automatically) build a database around your collection, downloading metadata like covers for extra visual appeal. You can then sort and search your books by title, author, date published, rating, custom tags and more, making it quick and easy to find whatever you need.
Calibre can then display your book, too (as long as it's not DRM-protected), with an integrated viewer that handles all the main formats and supports features like table of contents, CSS, printing, searching, embedded fonts and more.
http://downloads.pcauthority.com.au/article/4386-calibre
Thursday, January 26, 2012
AirDroid for your Android Phone.
AirDroid is a fast, free app that lets you wirelessly manage & control your Android device from a web browser Over-The-Air.
This is the best wifi phone management software that exists on the market. I'll definitely be using this application for quite some time to come - being able to use a keyboard to send texts to people is going to be nice. Best part is it's FREE.
https://market.android.com/details?id=com.sand.airdroid&hl=en
This is the best wifi phone management software that exists on the market. I'll definitely be using this application for quite some time to come - being able to use a keyboard to send texts to people is going to be nice. Best part is it's FREE.
https://market.android.com/details?id=com.sand.airdroid&hl=en
Subscribe to:
Posts (Atom)