How’s Your Hard Drive? – Check It Out With These Free HD Tools

All modern Hard Drives are equipped with a feature known as S.M.A.R.T. that provides real-time analysis and the reporting of any developing problems and potential issues. The big question is: can you read the warnings?

The following free application can take the guesswork out of the equation, and make it easier to diagnose what’s really occurring inside the complex environment of the Hard Drive.

Ariolic Disk Scanner

Disk Scanner is a tiny freeware utility to check the hard drive for read errors. Sometimes, you may notice, that some files on the disk cannot be read. This may happen for several reasons, but the most important one is the hard drive degradation, that may be the first typical sign of the disk failure.

Fast facts:

Read-only test of hard drive volumes for read errors

Scan hard disk, flash drives, USB hard drives, CD/DVD, floppy

Disk Scanner does not require a setup – it’s portable. Run it directly from CD or a Flash drive

See the check result at a glance

Works with hard drives, flash disks, CD, floppy

Simple user interface

Download at: Ariolic Software

Hard Drive diagnostic software is offered free from all the major Hard Drive manufacturers. Check out their sites.

Western Digital Support

Samsung

Seagate

Please note that since Seagate purchased Maxtor, the download sites are identical.

Maxtor

Hard Drive Maintenance: Repair, Defrag and Disk Cleanup Tools

Fragmentation is caused by creating and deleting files and folders, installing new software, and downloading files from the Internet. When you delete files or folders, the first available empty spaces on the Hard Drive are filled in randomly when you create new files and folders, as you do when you save pics from your camera, install software, save emails, or create documents.

Hard Disk fragmentation makes the disk drive heads move more than necessary when reading files which can degrade performance over time, and can lead to system slowdowns, computer crashes, slow startups and shutdowns.

Auslogics Disk Defrag

The program (updated August 10, 2010 ), is extremely easy to use, does not require any analysis phase and is faster than most disk defragmentation software I’ve tested in the past, and it’s free.

In my view, it’s one more maintenance process in helping me get the maximum performance out of my hardware.

Fast facts:

Improve computer performance and stability

Increase your productivity – no more waiting for files to open

Defragment disks in minutes

Disk fragmentation map and detailed fragmentation report

Download at: Download.com

CCleaner

Running a Hard Disk cleaner such as CCleaner (updated September 27, 2010), can optimize systems by emptying the Recycle Bin, Temporary Setup Files, Downloaded Program Files, Temporary Internet Files, Old Chkdsk Files, Temporary Files, Temporary Offline Files, Offline Files, and more.

Fast facts:

Frees up valuable hard disk space

Advanced features to remove unused and old entries

Comprehensive backup feature

System tray icon

Privacy tool

Download at: Download.com

Glary Utilities

Using Glary Utilities, you can tweak, repair, optimize and improve your system’s performance; and its ease of operation makes it ideal for less experienced users.

You can quickly find the tool you’re looking for: disk cleaner, uninstall manager, secure file deletion, memory optimizer, (a gentle) registry cleaner, duplicate file finder, tracks eraser, and empty folder finder.

Fast Facts:

Disk Cleaner Removes junk data from your disks and recovers disk space

Registry Cleaner scans and cleans your registry to improve your system’s performance

Shortcuts Fixer eliminates the errors in your start menu & desktop shortcuts

Startup Manager manages programs which run automatically on startup

Memory Optimizer monitors and optimizes free memory in the background

Tracks Eraser erases all traces, evidence, cookies, internet history and more

File Shredder erases files permanently

Internet Explorer Assistant manages Internet Explorer Add-ons

Disk Analysis provides detailed information files and folders

Duplicate Files Finder searches for space-wasting duplicate files

Empty Folders Finder removes empty folders (I love this feature)

Uninstall Manager completely uninstall programs

Download at: Download.com

A portable version is also available which you can download at GlarySoft.

Disk Heal

Disk Heal is a free Windows NT, 2000, XP and Vista utility that may be able to restore the condition of your Hard Drive, or a USB Flash Drive.

This application is a very useful tool that has a host of additional capabilities, including recovering hidden files and performing system tweaks; all can be accessed with just one click.

Fast facts:

Fixes disk problems

Fixes task manager inaccessibility

Fixes folder options inaccessibility

Fixes registry editor inaccessibility

Recovers hidden files and folders

Changes the default icon of any drive, external, internal, or a partition

Security and system tweaks

Download at: Download.com

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

BitDefender’s Third Quarter Malware Report–USB Malware Leads The Pack

BitDefender,  the well known Internet security solutions provider, released its latest quarterly report today, detailing cyber-threat activity from July through to September, 2010.

Some of the key findings include:

The top ranking e-threat, with 11 percent of the total infections in the world, is Trojan.AutorunINF.Gen. This piece of malware is consistently among the most popular threats each month as it easily spreads via removable devices and Windows shared folders.

Ranking second is Win32.Worm.Downadup.Gen, with six percent of the total infections. This worm typically appears in the malware distribution charts alongside Trojan.AutorunInf.Gen. Computer users should always scan external devices especially after having plugged them into public computers like those available in copy shops and libraries

This quarter the third spot includes a representative of the exploit family, namely- Exploit.PDF-JS.Gen which exploits vulnerabilities found in the Javascript engine of Adobe PDF Reader with the purpose of executing further malicious code on users’ computers.

A newcomer to the top-five, and occupying the fourth place is Trojan.Generic.4170878 is a newcomer with great negative potential. This backdoor provides the cybercriminal remote access to the infected system. Unfortunately for users, this piece of malware has seen a steady rise in distribution over the past few months.

Ranking fifth in the quarterly malware chart, with three percent, is Trojan.Wimad.Gen.1 . This e-threat is mostly found on Torrent websites, camouflaged as episodes of your favorite series or as a not-yet-aired but soon-to-be blockbuster.

For additional information, checkout Catalin Cosoi, (Head of BitDefender Online Threats Lab) discussing the steps you can take to avoid these malware threats, on his YouTube video.

Click on the graphic to go to YouTube.

About BitDefender

BitDefender is the creator of one of the industry’s fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

An Interview With An Anarchist Hacker

We’ve reported on the issue of software piracy, and the theft of intellectual property, a number of times. So, it’s easy for me to sum up my position on this contentious matter – there is no justifiable reason to steal software, or the work of others. It is piracy, and it is a CRIME.

The recently released Seventh Annual BSA and IDC Global Software Piracy Study, made the point that “for every $100 worth of legitimate software sold, an additional $75 worth of unlicensed software made its way onto the market.”

Selected findings from this study include:

Commercial value of software theft exceeds $50 billion: the commercial value of unlicensed software put into the market in 2009 totaled $51.4 billion.

Progress on piracy held through the recession: the rate of PC software piracy dropped in nearly half (49%) of the 111 economies studied, remained the same in 34% and rose in 17%.

Piracy continues to rise on a global basis: the worldwide piracy rate increased from 41% in 2008 to 43% in 2009; largely a result of exponential growth in the PC and software markets in higher piracy, fast growing markets such as Brazil, India and China.

It’s obvious then, that intellectual property theft is “big business”, and is unlikely to disappear any time soon. Currently in fact, there is a huge pushback campaign being waged against those organizations who support anti-piracy.

According to PandaLabs, the malware research arm of Panda Security, there is an ongoing offensive, appropriately called “Operation Payback”, which is employing targeted DDoS attacks against various companies and agencies, including the Motion Picture Association of America, and the Recording Industry Association of America, who support the anti-piracy lobby.

The question is – is there support out in the hinterland for this sort of hacking effort? If the following comment, which I picked up on a comment forum, is any indication, the answer is a resounding – YES.

“Big Media is reaping what they sowed and so its hard to find any sympathy for them or any fault in those who have found a way to fight back for much of the highly questionable actions these conglomerates and their law firms have taking these past few years.

The fact that they are unwilling to see how realistic this threat is to them just shows how arrogant or incompetent they are. While they won’t be getting help from me, these grass roots strike back at big media campaigns will find far more support and help on their end then what Big media could ever hope to buy.”

So, how and why, do those who are responsible for “Operation Payback” justify a criminal cyber attack against organizations whose mission is to enforce existing intellectual property rights?

Sean-Paul Correll, a threat researcher with Panda Security, in speaking with some of the organizers of  “Operation Payback” in a Q&A session, has discovered some surprising answers.

Here’s a small taste of Sean-Paul’s Q&A session –

If you were able to resolve this situation, what would you want the respective media authorities of the world to do?

A: Personally, I would want them to basically go the fuck away altogether. Remove the barbaric laws they have lobbied for. Treat people like PEOPLE instead of criminals. Their long outdated traditional views on copyright infringement enforced solely by rich and powerful corporations need to be modified in light of the modern age on the Internet, the Information Age.

Sean-Paul’s full Q&A session makes interesting reading and is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tech Thoughts Daily Net News – September 30, 2010

How to Use Gmail to Make Free VoIP Calls – Move over, Skype. Google’s Gmail lets you make free VoIP calls directly from the inbox, and you can call anyone’s landline or mobile, whether they use Gmail or not.

How to Recognize and Avoid Facebook Clickjacking Attacks – Everyone knows not to click on links in emails, right? Somehow this advice is not translating to Facebook, which in many ways, is an even more dangerous environment. Neil Rubenking, PCMag’s Lead Security Analyst, has some tips to help you avoid the click- jacking traps that are all the rage on Facebook. If you are a regular user, it is worth checking out.

Learn how to use the Windows 7 Resource Monitor for effective troubleshooting – Greg Shultz explores the Windows 7 Resource Monitor’s features with the goal being to teach you how the tool can be used to troubleshoot performance.

Glass: A New Spin on Sharing – Words like “real-time” and “instant” are constantly thrown about as both users and developers clamor for the fastest way to communicate and share information. A new browser add-on seeks to eliminate one extra step. Glass is a new browser extension that allows you to share experiences in real-time, and not just content.

FEDORA 14 ADDS MEEGO — AND SPICED-UP VIRTUALIZATION – The Fedora project announced the Beta release of “Fedora 14 “Laughlin,” featuring faster JPEG downloads and the MeeGo 1.0 netbook environment. Other new features in the Fedora 14 Beta include improved debugging and IPMI server management, and the debut of the “Spice” virtualization desktop framework and “Systemd” management technology for faster start-ups.

Public domain Windows Desktop wallpaper from US National Parks – There are thousands of public domain images available from the U.S. National Park Service that make great scenic view wallpaper. The images are available in high resolutions, which means they can be adjusted to fit your preferred screen resolution. I have chosen over 50 images from the archives, but there are hundreds more available from the NPS Digital Image Index.

Who’s Behind Stuxnet? The Americans? The Israelis? – Stuxnet uses unprecedented sophistication atypical of the average Internet mafia organization, and it goes after industrial control systems. But there’s something different and ominous about this malware.

Back up your Android phone with these two apps – Jack Wallen walks you through the process of backing up your Android phone with two free apps: Handy Backup for Android and On The Fly Backup for Android.

Malicious HTML in E-Mail Increases – Spammers have suddenly cranked up the use of malicious HTML file attachments in recent days, according to security company Barracuda Networks. Using a number of search engine optimization-driven subject lines, the latest campaign tries to get recipients to click on “harmless” HTML attachments which launches an obfuscated Javascript attack that sends users to a variety of websites peddling everything from bogus CODECS to pharmacy.

Australian hackers fire DDoS attacks against anti-piracy fighters – Hackers are preparing to raise the stakes in their next assault on anti-piracy organizations after they crippled the website of the Australian Federation Against Copyright Theft (Afact) on Tuesday.

Details Emerge on IE 8 Data-Stealing Bug – Security researcher Chris Evans has released details of the data-stealing bug in Internet Explorer 8 that he publicized earlier this month, saying that the CSS flaw can be used to force victims to post messages on Twitter and that the bug appears to be no closer to being fixed.

Zeus Botnet Raids Result in 19 UK Arrests – UK police have arrested 19 cybercrime suspects who allegedly used the ZeuS crimeware toolkit to capture online banking credentials before looting victims’ bank accounts.

Company News:

Review: Apple TV – A lower price, a more compact design, and the ability to stream content from iOS devices and rent 99-cent TV shows makes Apple’s latest Apple TV set-top box an excellent option for iTunes and Netflix users.

Slideshow: Microsoft Office 2011 for Mac – Check out some of the highlights for Microsoft Office 2011 for Mac.

Xerox PARC: Inventing the Future – Renowned think tank Xerox PARC recently celebrated its 40th birthday and is showing no signs of slowing down. Familiar inventions that were dreamed up at PARC include GUI for computers, laser printing and computer programming languages. Current projects include investment in PowerCloud Systems, storm water management devices, flexible electronics and an alternative approach to the architecture of computer networks.

Intel Labs Projects Aim for Better User Experience – Intel Labs gave early arrivers to the Intel Developer Forum here a glimpse of the future. At an event Sept. 12, Intel Labs engineers showed off some of the projects they’re working on, many of which are designed to give users an experience that meshes with how they interact with their computing devices.

Off Topic (Sort of):

10 Classic TV Robots – Robots have been a staple of science-fiction and other literary works dating back to the late 19th century, so it’s no wonder they’ve played such a big role on TV. Interestingly, most of the robots who made an impact on pop culture were featured on series that aired between the 1950s and ’70s, when robots were still outlandish enough to be considered completely futuristic.

‘Iron Man’ exoskeleton suit to aid soldiers – Defence contractor Raytheon Sarcos has demonstrated the XOS 2, a real-life exoskeleton similar to the action hero’s suit, which was built to assist soldiers. (submitted by Michael F.)

10 ways to boost traffic to your Web site -You can increase the number of visitors to your Web site by following some pretty simple, practical steps. Brien Posey shares some of the strategies that have worked for him.

The 15 Most Offensive Video Games Ever Made – In one you’re encouraged to sexually assault a mother and her daughters, in another, you’re a white supremacist out for blood, and that’s just the warmup act.

Five Ruby Hello World greetings – The Hello World program is the most common first example of how to write programs in a new language, even when they don’t say Hello World. Five different ways to say hello in Ruby offer a gentle introduction to the language.

Today’s Quote:

“In politics, absurdity is not a handicap.”

–    Napoleon Bonaparte

Today’s Free Downloads:

YouSendIt Express – Sending files to clients and editors can be problematic. Our solution? We use an online service called YouSendIt). And, to make matters even easier, we use the free download software, YouSendIt Express.

VirusTotal Uploader – The VirusTotal.com Web site offers a free but invaluable security service. It will scan any Web download, e-mail attachment or other file you send it with 40-odd different antivirus scanners to let you know whether it’s safe for your computer. The VirusTotal Uploader utility makes sending a file to the site a breeze by adding a new right-click option for any file.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Free GooReader – Making It Easy To Read Google Books On Your PC

Popular guest writer Rick Robinette, the “Mighty Freeware Hunter”, is back again with another terrific freeware find – GooReader.

GooReader is a free desktop application that allows you to search, download and read books and magazines available on Google Books.

Here’s Rick’s review:

Reading on a PC is just not the same as reading from a book or magazine. I guess it is part of the generation that I was raised with, but there is something about turning that page and the feel of that book. I always envisioned the day when I could read a book on my computer screen and turn the pages in a similar manner as a real book.

Well today is the day where this vision is coming true. I recently went on the hunt for a reading application that would allow you to read a book (or magazine) on your computer where the pages appeared to actually turn. What I came across, that closely meets my criteria, is a Google Books reader called GooReader.

If you are not familiar with Google Books, it is an online collection of millions of books from libraries and publishers worldwide using Google Book Search

GooReader provides a sweet interface for reading publicly available books and magazines on Google Books. Instead of awkward page scrolling in your browser you can get pleasure of reading on your desktop in the same way as you read hardcover books or paperback magazines. With natural mouse moves you can turn over pages, zoom in and out, jump to the needed TOC item.

You start using GooReader by entering a search criteria in the search box that is directly tied into Google Books Search.  If you notice above, I performed a search for Windows 7 and the books started appearing on the shelf.  You can select a book from the shelf to read full screen if you like, zoom in, zoom out AND turn the pages like a real book. The controls to turn the pages and perform these other functions are located at the bottom of the pages.

In GooReader the search results are represented as 3D book models on a bookshelf. You can setup the number of search results and the scale of the bookshelf. The program can search online books by title, author or keyword that can be used in its description or content. If you want to read or save specific book, you can simply enter its Book_ID and open it in Gooreader.

Sometimes you may need to print Google Books or read them offline when you don’t have the internet connection. Besides, most people love to read books on mobile devices (like iPad) or popular e-Book readers (like Sony Reader, Kindle or Nook). In this case the PDF format is a perfect solution. GooReader allows to automatically save publicly available books and magazines to PDF files (please read the FAQ for details). Note that this feature is available in paid version.

GooReader works only on Windows XP/Vista/7 and requires .Net Framework 3.5 SP1 installed. You do not need a Google login account to access these books; all books and magazines on Google Books are available for unregistered users.

This is a guest post by Rick Robinette, who brings a background as a security/police officer professional, and as an information technology specialist to the Blogging world.

Why not pay a visit to Rick’s site at What’s On My PC. Like me, you’re sure to become a frequent visitor.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tech Thoughts Daily Net News – September 29, 2010

10 tips for troubleshooting PC system slowdowns – When PC performance slows to a crawl, a systematic troubleshooting plan will help you zero in on the cause. Deb Shinder runs through likely culprits and describes steps you can take to improve system performance.

Lifehacker: DIY Repairs and Upgrades to Save Your Laptop – Too many laptops are cast aside for singular broken parts, for “running too slow,” or other problems that shouldn’t require a rent-sized new purchase. All this week, we’ll detail fixes and upgrades that save otherwise functional laptops. Today, we’re installing new memory.

Raise Your Windows IQ: Advice for Newbies – I usually focus on folks who’ve been using Microsoft Windows for a while and enjoy learning about new tricks. But it recently occurred to me… what about readers who are new to Windows? This week I’ll cover some basics for those who are just getting started. If you don’t need these tips yourself, maybe they’ll help a friend or coworker.

Internet Explorer 9: Better Than Google Chrome? – Microsoft’s Internet Explorer 9 beta is fast and good-looking, with some longtime Internet Explorer issues eliminated. The question is whether it can convert Google Chrome and Firefox users.

OpenOffice.org forsakes Oracle, forms new foundation and fork – It comes as no surprise that longtime backers of OpenOffice.org are taking control over the open source project from Oracle, its new owner.

Technology’s Biggest Myths – Expensive cables are better! Defragging speeds up your PC! Refilling ink cartridges ruins your printer! We put these and other claims to the test to find the truth behind tech’s tallest tales.

Warning: Fake LinkedIn Spam Can Steal Your Bank Passwords – Bogus LinkedIn emails can infect your computer with ZeuS, a password-stealing Trojan. I know, because it just happened to me.

Obama Wants to Wiretap the Internet – The Obama administration is drafting legislation to expand wiretap authority to potentially allow interception of Facebook, BlackBerry and Skype communications.

Stuxnet able to re-infect cleaned computers – Analysis of the Stuxnet worm reveals something interesting on an almost daily basis. Liam O Murchu, manager of Symantec’s North American Malware Response team, says that he has discovered how the worm manages to re-infect a computer that has been cleaned of it.

Company News:

Microsoft Issues Emergency Patch for Windows Web Bug – Microsoft today delivered an emergency patch for a Windows Web server flaw that is being actively exploited by hackers.

Java Creator Gosling: ‘Why I Quit Oracle’ – In an exclusive interview with eWEEK, Java creator James Gosling discusses a series of issues he earlier declined to take public, including why he left Oracle.

Xmarks Bookmark Syncing Service Shutting Down in January 2011 – Xmarks, the bookmark syncing service formerly known as Foxmarks, announced today it will close its doors and delete its users’ data on January 10, 2011.

Microsoft Dumps Live Spaces for WordPress – Microsoft and WordPress.com announced Monday that WordPress will be the default blogging platform for Windows Live going forward.

Off Topic (Sort of):

Will BlackBerry PlayBook Bridge the Video Divide? – FaceTime, which Apple set up as an open standard, could emerge as the unifying force for video chat.Research In Motion’s new tablet, the BlackBerry Playbook, supports video chat through its front-facing camera. So does the Samsung Galaxy Tab. And, according to rumor, so will the second coming of the iPad. The current array of smartphones such as the iPhone 4 and the EVO 4G also support video chat. But so far, it doesn’t appear that any of these devices will actually talk to each other–and that’s just wrong.

The Most Mysterious Diseases Known To Man Are Not So Mysterious At All – Part I – Yahoo Lifestyle recently published 10 mysterious diseases via LiveScience. The problem is, not one of the diseases listed is mysterious at all. In fact, every single illness they list as unexplainable has causes and treatments which have been sourced for many years now, and some of these causes may shock you. (submitted by Dar)

Telework Myths: Why You Aren’t at Home – Despite the huge benefits, some companies are still hesitant to let employees work from home. What is behind the reluctance?

How Scientific Is Modern Medicine? – A new book on homeopathy challenges conventional medicine, which touts itself as scientific even though it is largely run by businessmen, not doctors. (submitted by Dar)

Discovery could lead to treatments for blindness disease – British scientists have figured out the key mechanism behind the leading cause of blindness – opening up hope for new treatment options for age-related macular degeneration.

Today’s Quote:

“Regret for the things we did can be tempered by time; it is regret for the things we did not do that is inconsolable.”

–   Sidney J. Harris

Today’s Free Downloads:

Giveaway of the day: Paragon Backup and Recovery 10 Home Special Edition – This solution quickly backs up these files and folders: My Documents, My Media Files, My Email Folders and easily secures valuable data without additional configurations. Backup & Recovery Home has an improved user interface with special wizards that ensure ease-of-use, even for novice users. It’s ideal for the comprehensive security of your home PC and data. (The program is available for $29.95, but it will be free for our visitors as a time-limited offer.)

FilerFrog – If you’re looking to improve on Windows Explorer, give FilerFrog a try. It works as an add-in to Windows Explorer–right-click a file or folder, and FilerFrog appears on the context menu, giving you access to a wide variety of new file- and folder-management features.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

ANOTHER Gmail “We’re Going To Close Your Account” Phishing Attempt – And The Beat Goes On!

For months now, Gmail inboxes have been flooded with one form or another, of the “Your Gmail account needs verification to avoid being shut down ” phishing attack.

I mentioned earlier this month, that I didn’t expect to see this Gmail  accounts scam reducing in volume any time soon. And sure enough, late today, I received another email, purportedly from the Gmail Team, in which the phisher attempts to convince me that this is the genuine article.

Dear Account User,

Bear with us, we ere undertaking a major upgrade in our Gmail network to ensure the security and privacy of our Gmail users and improve our service.

All Gmail Account needs Verification to avoid it being shut down due to recent problems encountered by Gmail Database system as a result of the ongoing upgrade. Please supply the details below to clarify that your account. so that it will not be deleted.

Username:

Password:

Birth date:

Country:

Note: Account owner that refuses to update his or her account within Seven days of receiving this notice will lose his or her account permanently.

Thank you for using Gmail!

The Gmail Team

It’s the same old, same old, though. Just like most of these type of emails, this one contains the usual misspelling, grammatical, and punctuation errors.

It looks convincing enough though, that some new Gmail users might easily be taken in. I know that you won’t be deceived by this type of clumsy attempt to defraud, but you would be surprised how often reasonably intelligent people are.

As with all emails of this type, the following issues raised immediate questions.

No personalized greeting.

The reply form asks for information that I initially supplied to Gmail when I activated my account.

The reply form asks me to provide my password. Isn’t this supposed to be kept secret even from Gmail?

Advice worth repeating:

If you have any doubts about the legitimacy of any email message, or its attachment, delete it.

Better yet, take a look at the email’s headers. Check the initial “Received from” field in the header, since this field is difficult to forge. Additionally, the mail headers indicate the mail servers involved in transmitting the email – by name and by IP address. In this particular case, the email actually came from vodamail.co.za (South Africa).

It may take a little practice to realize the benefits in adding this precaution to your SOP, but it’s worth the extra effort if you have any concerns.

Google provides excellent advice on their page – Messages asking for personal information, from which the following has been taken.

Here’s what you can do to protect yourself and stop fraudsters:

Check the email address of the sender of the message by hovering your mouse cursor over the sender name and verifying that it matches the sender name.

Check whether the email was authenticated by the sending domain. Click on the ‘show details’ link in the right hand corner of the email, and make sure the domain you see next to the ‘mailed-by’ or ‘signed-by’ lines matches the sender’s email address.

Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site. Although some links may appear to contain ‘gmail.com,’ you may be redirected to another site after entering such addresses into your browser.

Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.

Check the message headers. The ‘From:’ field is easily manipulated to show a false sender name. Learn how to view headers.

If you’re still uncertain, contact the organization from which the message appears to be sent. Don’t use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.

If you enter your Google account or personal information as the result of a spoof or phishing message, take action quickly. Send a copy of the message header and the entire text of the message to the Federal Trade Commission at spam@uce.gov. If you entered credit card or bank account numbers, contact your financial institution. If you think you may be the victim of identity theft, contact your local police.

It’s important that you know, that Google is not immune to hacking, as the fairly recent fiasco in China, in which Chinese hackers compromised Chinese activists’ Gmail accounts, illustrates. In fact, Gmail hacking is a much more common occurrence than most users are aware of.

To further illustrate just how common this is, the article I wrote on being hacked – My Gmail Account Hacked From Nigeria, continues to be one of the most read articles I’ve written.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Two Gmail Features Worth Knowing

Personal Level Indicators

Gmail’s Personal Level Indicators, when activated, will help you quickly determine if a message was addressed to you, a group, or a mailing list. A single arrow (>) appears next to a message when it is sent to you, and a group of others. Double arrows (>>) indicate that a message is addressed only to you. Arrows won’t appear next to messages sent to a mailing list.

Enabling this option is easy. Simply go to “Settings”, and in the “General” tab – “Personal Level Indicators” select “Show Indicators”. Be sure to save your changes.

As the following screen shot shows, three of these four messages have been sent to me, only. While one message has been sent to a group. My response to these messages was guided by who, other than me, received the same message.

Activity on this account monitor

One of the many reasons I’ve stuck with Gmail as my primary email service all this time is, the alert service Google provides in Gmail. The “Last account activity: … minutes ago at this IP..” alert. This applet can be activated from its position directly below the message pane.

Just as I monitor my open connections while on the Internet, I also scan the account activity alert frequently, while logged in to Gmail. In June of this year, this monitoring habit saved me from untold misery following a hack  by Nigerian cyber crooks.

Since I was able to jump on this penetration immediately, I recovered my Gmail account on the spot, without having to jump through all the hoops Google sets out for those unlucky enough to lose control of their account.

Screen shot of a “clean” activity report. I have blanked out potions of this report for privacy purposes.

Screen shot indicating my account has been hacked from Nigeria.

Google offers an excellent tutorial on “Last account activity”, and I urge you to check it out. Believe me, the very last thing you want to have to deal with is a compromised Gmail account.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tech Thoughts Daily Net News – September 28, 2010

Victimized by a ‘legitimate’ drive-by download – A careless, hurried click on the Adobe Flash Player update screen left unwanted McAfee security software on my PC and caused a scary-but-harmless antivirus-conflict warning.

Hotmail adds new security measures to defend against account hijacks – Despite the fact that Hotmail has a much larger user base, general consensus seems to be that the Microsoft’s webmail service is still playing catch-up with Gmail. With its recent updates, however, Hotmail has improved greatly — and the improvements keep on coming.

The Best Free Mac Software – 73 products. 21 categories, and all for the Mac platform. These are the best free apps for getting stuff done on your Apple computer. In this list you’ll find everything from PDF viewers to File Transfer apps. Kind of proves that the Mac is not just about “Thinking Different”, but good old-fashioned thinking, too.

Malware attacks force MS to ship emergency ASP.net patch – Microsoft plans to ship an out-of-band security update September 28, 2010, to fix a serious ASP.net vulnerability that’s being exploited in the wild.

Twitter Hit By Another Worm – Another week, another fast-moving Twitter attack. Just days after engineers stamped out a nasty cross site scripting hole in the company’s Web page, the company had to contend with a worm that used an attack called “cross site request forgery” to post salacious messages and malicious links on victims’ accounts.

The hidden gems found in the Windows 7 calculator – Admittedly, the standard calculator application found in every version of the Microsoft Windows operating system since the beginning is not usually considered sexy, but the new version found in Windows 7 earns props for adding real value. Check out some of the new features found hidden in the menu tree of this often taken for granted free applet.

Fake LinkedIn spam attack – Starting on Monday, cyber criminals sent spam email messages targeting the LinkedIn social media community. Victims are emailed an alert link with a fictitious social media contact request. These messages accounted for as much as 24% of all spam sent within a 15-minute interval.

U.S. drafts bill proposing easier Internet wiretapping – As criminals and terrorists are progressively ditching phone communication in favor of the online kind, U.S. law enforcement and national security agencies are worried about the possibility of intercepting it in order to thwart their malicious plans.

10 plus must have Windows 7 Desktop Gadgets – Desktop Gadgets in Microsoft Windows 7 are more sophisticated and more useful than in previous versions of the operating system. Here are 10+ gadgets that should be in your desktop management portfolio.

ZeuS tries to bypass two-factor authentication – The attack begins as it usually does – the Trojan steals the username and password as it is inserted by the user. Then, a rogue form pops up and demands of him to share his mobile phone vendor, model and phone

Company News:

RIM Unveils PlayBook Tablet – Smartphone maker takes the wraps off of its long-awaited entry into the tablet market, billing the new PlayBook device as “enterprise-ready” and a natural next step for current BlackBerry users.

Spamhaus launches whitelist service – The Spamhaus Project has released the Spamhaus Whitelist which allows Internet mail servers to separate incoming email traffic into 3 categories: Good, Bad and Unknown, allowing mail server operators to block known bad email traffic, let known good email traffic pass safely, and heavily filter unknown email sources.

Microsoft Expands Ties With LinkedIn – Software giant teams with the leading business-oriented social network to sync contacts from popular Windows Live services like Hotmail and Live Messenger.

PC Users Happier with Windows 7, Survey Says – Nearly a year after its launch, Windows 7 has accomplished what Microsoft and its PC manufacturing partners had hoped it would: Make users forget about its much-maligned predecessor Vista. In fact, customer satisfaction among personal computer users is at or near all-time highs, according to a new report by the American Customer Satisfaction Index (ACSI).

Off Topic (Sort of):

USB drive identifies and extracts data, leaving no footprint – Harris Corporation introduced a highly customizable USB thumb drive that quickly extracts targeted data from computers. The device – called BlackJack – is designed for military, intelligence, and law enforcement cyber security missions, where speed, stealth and accuracy are paramount considerations.

Overheating Laptop: A Personal Story – When my Dell laptop dangerously overheated, the experience was frightening. And resolving it with Dell was downright frustrating.

CIA used ‘illegal, inaccurate code to target kill drones’ – The CIA is implicated in a court case in which it’s claimed it used an illegal, inaccurate software “hack” to direct secret assassination drones in central Asia.

15 Essential Games of This Generation – Here are this generation’s must-have games for the PS3, Xbox 360, Wii, and PC.

Today’s Quote:

“The two most abundant things in the universe are hydrogen and stupidity.”

–     Harlan Ellison

Today’s Free Downloads:

Malwarebytes Anti-Malware 1.46 – Malwarebytes Anti-Malware is a surprisingly effective freeware antimalware tool. It’s a relatively speedy malware remover, with the quick scan taking about 8 minutes even with other high-resource programs running. The heuristics engine proved on multiple computers during empirical testing that it was capable of determining the difference between false positives and dangerous apps.

GOM Media Player 2.1 – As various media players jockey for position to become your default setting for music and video streams, GOM Media Player’s support for a wide range of file formats has helped it stand out as a firm favorite.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

How Secure Are Your Software Applications – Not Very, It Seems

Most of us, I expect, are familiar with the expression – If you fail to plan, then you plan to fail. If you accept the findings of Veracode’s second edition of their State of Software Security Volume 2, which reports unfavorable on the security reliability of more than half of the 2,922 web applications tested, you might  wonder if application developers are familiar with this expression.

This report, coupled with the Qualys Vulnerability Report, which I receive weekly, leaves little doubt in my mind that software developers, by and large, need to focus more intently to ensure their applications are appropriately hardened against security vulnerabilities.

The following partial listing taken from the Qualys Vulnerability Report, from several weeks ago, highlights this lack of focus on this point. Frankly, I never fail to be astonished by the huge number of application vulnerabilities listed in this report. I’ve always felt, that the software industry should thank their “lucky stars”, that this report is not particularly well known outside the IT security community. It’s as if, application vulnerabilities are a dirty little secret.

Critical Vulnerabilities – Widely Deployed Software

(1) HIGH: Adobe Reader / Acrobat Font Parsing Buffer Overflow Vulnerability
(2) HIGH: Mozilla Firefox Multiple Vulnerabilities
(3) HIGH: Apple Safari Multiple Security Vulnerabilities
(4) HIGH: Google Chrome Multiple Security Vulnerabilities
(5) HIGH: Apple iOS Multiple Vulnerabilities
******************************************************************
Comprehensive List of Newly Discovered Vulnerabilities from Qualys
–  Third Party Windows Apps
10.37.1  – HP Operation Agent Privilege Escalation and Remote Code Execution Issues
10.37.2  – Tuniac “.pls” File Buffer Overflow issue
10.37.3  – Microsoft Internet Explorer CSS Handling Cross-Domain Information Disclosure
— Mac Os
10.37.4  – Apple Mac OS X Mail Parental Control White List Security Bypass Issue
— Linux
10.37.5  – Linux Kernel “keyctl_session_to_parent()” Null Pointer Dereference Denial of Service
10.37.6  – Linux Kernel “IrDA” Protocol NULL Pointer Dereference Denial of Service Issue
10.37.7  – oping Local Information Disclosure
10.37.8  – Linux Kernel “irda_bind()” Null Pointer Dereference
10.37.9  – Linux Kernel “SIOCGIWSSID” IOCTL Local Information Disclosure Issue 10.37.10 – Linux Kernel “XFS_IOC_FSGETXATTR” Information Disclosure Issue
— Novell
10.37.11 – Novell Netware SSH Remote Buffer Overflow Issue
— Cross Platform
10.37.12 – Blackboard Transact Multiple Insecure Password Handling Information Disclosure Issues
10.37.13 – Zope Unspecified Denial of Service Issue
10.37.14 – httpdx “h_readrequest()” Remote Format String
10.37.15 – Techlogica HTTP Server Remote File Disclosure
10.37.16 – Arno’s IPTABLES Firewall IPv6 Detection Remote Security Bypass
10.37.17 – Hitachi JP1/Desktop Navigation Unexpected Data Denial Of Service Issue
10.37.18 – Google Chrome Multiple Security Vulnerabilities
10.37.19 – LDAPUserFolder Emergency User Arbitrary Password Authentication Bypass Issue 10.37.20 – ffdshow “.avi” File NULL Pointer Dereference Denial Of Service Issue
10.37.21 – Squid Proxy String Processing NULL Pointer Dereference Denial of Service
10.37.22 – VLC Media Player “smb://” URI Handler “.xspf” File Buffer Overflow Issue

Veracode’s State of Software Security Volume 2, reveals what may well be the true state of the software we have come to rely on.

The following are some of the most significant findings:

More than half of all software failed to meet an acceptable level of security and 8 out of 10 web applications failed to comply with the OWASP Top 10.

Cross-site Scripting remains the most prevalent of all vulnerabilities.

Third-party applications were found to have the lowest security quality.

The security quality of applications from Banks, Insurance, and Financial Services industries was not commensurate with their business.

Equally as important – 57% of all applications were found to have unacceptable application security quality. Even more troublesome, more than 80% of internally developed and commercial web applications failed to comply with the OWASP Top 10 which is shown below.

OWASP Top

1. Injection – Examples of injection flaws are SQL, LDAP, HTTP header injection (cookies, requests), and OS command injections.
2. Cross Site Scripting (XSS) – Malicious scripts are executed in the victim’s browser allowing the attacker to hijack the user’s session, steal cookies, deface web sites, redirect users to malicious web sites, and remote browser control.
3. Broken Authentication and Session Management – Flaws used against one account may be replicated against an account with higher privileges.
4. Insecure Direct Object References – Attack occurs when an authorized user can change a parameter value that refers to a system object that they are not authorized for.
5. Cross Site Request Forgery (CSRF) –  CSRF attacks can complete any transactions that the victim is permitted to perform such as access data, transfer funds or make purchases.
6. Security Misconfiguration – Attacker exploits unsecured pages, default accounts, unpatched flaws or any other vulnerability that could have be addressed by proper configuration.
7. Failure to Restrict URL Access – Links can be obtained from: hidden fields, client-side code, robots.txt, configuration files, static XML files, directory access.
8. Unvalidated Redirects and Forwards – Unvalidated parameter allows an attacker to choose a destination page where they wish to send a victim to trick them into disclosing private information.
9. Insecure Cryptographic Storage – The most common reason for this attack is that data that should be encrypted is stored in clear text.
10. Insufficient Transport Layer Protection – Most commonly, this attack occurs when a site does not use SSL/TLS for pages that require authentication where an attacker can monitor network traffic to steal an authenticated user’s session cookie.

The full report in PDF format is available here.

So how do you ensure that your software installations are relatively secure? Unfortunately, there’s no perfect answer – but you can reduce your overall exposure by installing the free  Secunia Personal Software Inspector, (PSI).

PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

Installing this small free application will definitely assist you in identifying possible security leaks.

Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7

Download at: Download.com

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.