Archive | October 2012

All about TPM Chip in Windows 8 – Microsoft is Many Years Late

What is the TPM Chip?

  • Microsoft released Windows 8, and with it came the Trusted Platform Module (TPM Chip) is a chip that allows a certain operating system to recognize a chip to verify the operating system and its modules. This provides even better security, so that Windows can only be installed on hardware that is verified through the TPM Chip.
  • Now, it is unclear whether or not it will be required for Windows 8, however, it is in testing mode at this point. In future versions of Windows, it will probably be required. Which also makes it difficult for those using Windows on a virtual machine, and will probably require people to acquire a specific compatibility license to run Windows on virtual machine, or dual boot with a Mac-based computer.
  • Confused yet? Apple was one of the first, if not the first, to introduce an OEM chip, which required people to have if they wanted to run Mac operating systems. Which meant, for example, Mac OS X couldn’t be installed onto a normal computer, it had to be on “Mac-branded hardware” as they state in their terms-of-use on Mac OS X.
  • What does this bring to the security of operating systems necessarily? It provides very low level security, and will be just another possibility to block bootkit attackers and other boot-based viruses/rootkits.
  • Some experts say that TPM will probably be included in new PCs, tablets, and other Windows-branded devices. There’s no current way to just “install it”, however, Windows 8 is engineered to be able to recognize the TPM Chip.
  • When did this idea come about? Probably the late-1990s was when this idea came about, because security experts were realizing the issue that software antivirus/firewall was not strong enough to block the threats. It would take more than just software-based protection programs.
  • What other implementations (other than Apple’s chip) are in place?The Google Chromebook is a good example of implementation, because when it boots, the TPM chip object in there checks the modules on the system. If one is bad, it automatically replaces it with its “last known good module” (in its comprised library of last known good modules), keeping itself protected.

 

For the future of TPM technology

  • It’s possible the makers of the TPM technology would be working with security/OS vendors to create antivirus that can be built over top of the TPM chip, which would scan the operating system and kernel before it starts up.
  • What’s different than boot-time scanners offered by companies like Avast, for example? Boot-time scanners offered by software companies still use Windows modules to help scan the whole computer. However, since the modules are part of the operating system, the boot-time scan cannot get to the OS kernel deep enough. Although, it can scan the system before it loads services/drivers, it cannot necessarily get a good look at all of the drivers/services or the MBR/BIOS for that matter.
  • By allowing antivirus to scan computer before operating system starts (at all), it will also keep on top of things so malware cannot hinder or suppress the scan.

 

This is just one of the many security features included in Windows 8. Take a look!

Advertisements

Information sharing between government agencies and corporations questioned

The sharing of information on threats and attacks between government agencies and companies in the private sector has been tried numerous times and in many different ways over the last decade, with varying degrees of success. The need for information flowing in both directions likely is more pressing than ever right now, with high-level attacks targeting critical infrastructure systems and utilities every day, but much of that data in the government realm remains classified and few enterprises are eager to reveal details, either. As the attacks continue, officials say there may be a need for a new mechanism to get the information flowing.

One of the main problems when it comes to information sharing programs is that the data on new threats and attacks needs to be shared as the attacks are happening, and that’s difficult to accomplish. In the middle of an attack, security teams and incident-response groups are concerned with stopping the attack, discovering what systems have been compromised and determining whether any data was stolen. Packaging up the information on what happened, even if it’s readily accessible, and making it available for others is typically a low priority.

Read more on ThreatPost

Latest security reports: Android malware growth, Apple most vulnerable vendor

The latest security studies are in, and here are the analyses from seCURE Connexion…

  • Android malware has overgrown, with an extreme growth by the end of July to the month of August, and into September and October. Get protected now with the latest in mobile security, so your smartphone can stay secure from the dangers of the app world.
  • Another rise for Android issues, would be apps that act like aggressive adware, by collecting way too much personal information. It is continuously a problem, dealing with apps that collect a load of personal information, and some have worried about identity theft.
  • Vendors of software have seen a continual rise in vulnerabilities for the past couple of years. However, Apple seems to have the worst problem, but so does Google. Both companies have seen varying degrees of intensity and quantity of attacks, and it’s to question that Microsoft is seeing a break in the action. The good part is, Microsoft only shown half as many vulnerabilities as Google, and only one-quarter as many as Apple. Though these numbers are only speculative, based on looking over the lists of the past few months.
  • Some of the major malware on Windows systems have included Trojan.ZeroAccess, Worm.Conficker, and more.
  • Corporate and government entities have seen an extreme rise in the number of cyberattacks. Worries about a cyberwar are continually heating up, and it’s unknown the origin of most of the attacks.
  • According to the Symantec Internet Security Threat Report (ISTR), 400 million new variants of malware were created in 2011, which is an average of 33 million new variants of malware a month, or an average of one million new variants a day.

Overall, the spectrum of cyberattacks has increased on an extreme level, whether it’d be cyberwar related, or cybercrime. It’s definitely best to consider this declared war, and work constantly to protect our computers and our own livelihood.

 

Continuous PC Protection & High-speed Performance

The Damage Swell of Saudi Aramco Attack

The New York Times reported about the damages of the attacks on Saudi Aramco, a Saudi Arabian oil firm. The article stated the following, blaming Iran for the attacks on Saudi Aramco along with supporting evidence:

That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.

United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.

Intelligence officials are still investigating the nature of the RasGas hack also, because it is related to this attack, which involved a malware called Shamoon.

The investigations of Saudi Aramco and RasGas, Qatar’s top natural gas firm, are coming together. Most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. More updates to come.

Critical fix issued for Shockwave Player – Oct. 23, 2012

Adobe has released a critical update for Shockwave Player after several serious vulnerabilities were found.

  • Users of 11.6.7.637 and earlier versions should now update to version 11.6.8.638 – Update Now
  • Updates are available for Windows and Mac systems.
  • There is no active propagation of exploits.
  • Check to see if you have Shockwave Player.
  • Shockwave Player is not the same as Adobe Flash Player, which update October 8.
  • Check release notes.
  • Uncheck the Norton Security Scan, if it shows.
To protect against vulnerabilities, it is best to have a good internet security software, not FREE antivirus! Check here:

$15 OFF Kaspersky Internet Security 2013

Saved passwords vulnerability still exists in some web browsers

 

Say you are on the Gmail login page and the web browser, as always, has auto-filled the username and passwords fields for you.

This is convenient because you can sign-in to your account with a click but because you have not been typing these saved passwords for a while now, you don’t even remember the Gmail password anymore.

All web browsers, for security reasons, mask the password fields in login forms behind asterisk characters thus making it impossible for passersby to see your secret string.

There’s however an easy workaround that will let you convert those asterisks into the actual password and you don’t need any external utilities or bookmarklets for this. Here’s how:

Full Story at Labnol

Video “OMG I just hate Rihanna…” Facebook scam spreading

Messages are spreading between Facebook users, claiming that members of the social network have lost all respect for popular songstress Rihanna after watching a video.

However, if you’re careless enough to click on the link you will find yourself lured into a survey scam that attempts to earn affiliate cash for fraudsters.

A typical message trying to tempt users into falling for the scam looks like this:

If you were fooled into participating in this scam remove the message from your newsfeed, and delete any messages you may have inadvertently shared with your friends. That way at least you are no longer spreading it with your online chums. You can also report the link as spam – hopefully if enough people do it, Facebook will begin to stop the scam from spreading.

Rihanna Facebook scam

Read more on Naked Security

 

Prevent scams like this and other social network scams/issues:

Get the review of Malwarebytes’ Anti-Malware

%d bloggers like this: