Category Archives: Security

Free stuff: If it sounds too good to be true…

People like free stuff. I do. You do. We all do. We go to conferences, we get free stuff. Sometimes we get high-value free stuff, sometimes it’s just cheap or useless free stuff. Either way, we strive to get our hands on it. It’s human nature to want something for nothing. Human nature can be meddled with. It can be coerced into playing a game. Make the offer of free stuff so good and people will part with personal information in the vain hope of receiving something for nothing. And make it the current “must have” or “in demand” gadget and you’re on to a surefire winner.

As an aside
I recall a time around 20 or so years ago. I was in a customer service position and I was about to tell a bunch of customers that the dinner they were expecting was going to be delayed. Knowing that I would receive “some grief” if I just told them their food was going to be another half an hour, I figured out a different angle. I approached the table and announced “I have good news and bad news. The good news is…I have a free round of drinks for you…” – pause for effect – “…and the bad news is there’s a 30 minute delay on your food”. By offering free stuff first, I was able to make the bad news more palatable [sorry!] and in this instance, raise a little laugh. People like free stuff and they’ll put up with quite a bit if the free stuff is worth having.

Free stuff, just follow and retweet
Just before Christmas 2012 I spotted @wp_discovery appear on Twitter. Officially it joined Twitter on the 7th of December 2012. It went through a couple of name changes before settling on @wp_discovery, but that’s neither here nor there. They also muddled their location from Finland to the UK – a vague attempt to gather some authenticity I imagine.

I added them to a list in order to keep an eye on the tweets. It was a competition-style tweet stream, simply follow and retweet to be in with a chance of winning either Nokia Lumia devices or Microsoft Surface units. In the words of The Real Hustle: “if it sounds too good to be true, it probably is”. That was my first thought and was the reason I chose not to follow them or retweet their material. Hindsight is a wonderful thing, it appears my cold pricklies were correct.

What has been written so far?
I don’t plan to discuss the full story behind @wp_discovery, other bloggers have done excellent work in that space so there’s little point in repeating that information here.

Gary has done a great job keeping a log of the goings on relating to @wp_discovery’s actions.

Alvin has also written a great article: Editorial Lies Damned Lies and the Promise of Free Gadgets.

John has written a good straight to the point piece: Raising Awareness: The Great @wp_discovery Giveaway

Stop Malvertising have also written an excellent piece: http://stopmalvertising.com/spam-scams/warning-the-great-wp_discovery-giveaway.html

In a nutshell
There’s not a shred of evidence that anybody who follows and retweets the @wp_discovery account has actually won anything.

The @wp_discovery account had been asked to provide lists of winners but has so far been citing “privacy” as the reason for not issuing said list.

Photographs tweeted from the @wp_discovery account have also been seen used elsewhere – @wp_discovery claim they are listing the devices on eBay and that they can use the photos as they see fit.

They also latched on to a Windows Phone game and tried to use that to promote their Twitter feed.

Questions were asked about where the devices came from, answers were given…they were journalists and had lots of review kit to give away. A few folks hinted that review kit was on loan and rarely could be considered a gift. However, the following public didn’t really care, they wanted their chance to blag a free Nokia Lumia or a Microsoft Surface or a Microsoft Xbox+Kinect: people were blinded by the fact they had a chance to win nearly $1000 worth of prize.

This carried on for a few days…until it became clear that there were no prize winners and the draw mechanism was “time based”…entrants stood no chance.

A Different Angle
However, I do want to think about what has happened here from a slightly different angle.

  • The @wp_discovery account amassed a decent number of followers very quickly. In around ten days they gathered about 10,000 followers. Twitter should have noticed that and raised an alarm bell.
  • Once the account was noted as being a fake, initially on the 26th of December, but more so on the 29th, they lost a few hundred followers. Despite frequent retweets of warning messages, folks continued to follow them. That said, as of today 1st January 2013, the follower count has started to dip again. However their material is still being retweeted by many new followers. This leads me to believe that there’s a reasonable amount of “follower loss” vs “follower gain” – at the moment the losses are marginally more than the gains. Twitter should have noticed this pattern and a red flag should have been raised.
  • Many hundreds of the disgruntled followers have since unfollowed the @wp_discovery account, “reported as spam” and blocked it. Twitter should have noticed this and raised an alarm bell.
  • The @wp_discovery account has actively blocked any user who openly questioned their approach. Twitter should have noticed this and raised an alarm bell.

Looking at Twitter’s Rules, under Spam, there are a number of clauses that @wp_discovery may have fallen foul of:

  1. If a large number of people are blocking you; I would expect a large number of users blocked @wp_discovery; it would be interesting to understand Twitter’s definition of a large number though.
  2. The number of spam complaints that have been filed against you; ditto for spam complaints.
  3. If you post duplicate content over multiple accounts or multiple duplicate updates on one account; there were significant duplicate updates which should have caught Twitter’s attention.
  4. If you have attempted to “sell” followers, particularly through tactics considered aggressive following or follower churn;
  5. Using or promoting third-party sites that claim to get you more followers (such as follower trains, sites promising “more followers fast,” or any other site that offers to automatically add followers to your account); a third party Windows Phone alias was used to attract followers and drive traffic to the third party’s Windows Phone game.
  6. If you create false or misleading Points of Interest; @wp_discovery created a flurry of retweets around the notion that there were high-value prizes up for grabs.

Looking at the “Content Boundaries and Use of Twitter”, it is possible that some of these boundaries have been breached too.

  • Impersonation: At one stage, their Twitter profile suggested they may have some sort of affiliation with Nokia.
  • Privacy: They followed Jenna Kate Kelly for a period of about two minutes, they then sent Jenna lurid direct messages. They denied sending her these messages, despite a number of witnesses and screenshots proving it!
  • Violence and Threats: What could be interpreted as threatening tweets were issued from the @wp_discovery account.
  • Copyright: The Microsoft “Windows 8” logo has been used as the @wp_discovery avatar. I know from personal experience that we, as app developers, are not permitted to use logos that are “too similar” to the Microsoft logo in Windows 8 apps that are submitted to the Windows Store.

And they clean up when a legal issue appears
As I was writing this, 1/1/13 at 22:15, I noticed @wp_discovery had begun to delete their tweets. They then posted a single tweet:

1

Which was then replaced with this one:

2

The bit.ly link leads to here: http://areon-development.de/?p=191. I’m not going to repeat material that is already in Gary’s post on this matter. Suffice to say, @wp_discovery tried to use a Windows Phone game written by Areon Development in order to attract more followers. Areon Development clearly didn’t appreciate the association and pursued matters that led to @wp_discovery holding up their hands and walking away. That’s certainly the public statement that has been issued, I don’t think we’ll ever know the full ins and outs of it all.

What’s next?
Before they deleted their tweets, they did tweet this:

3

Now, I’m not suggesting that the @mplacetoday account is possibly their “next project”, but I would have to question why an account that was created on the 31st of December 2012 would warrant the attention of @wp_discovery? If somebody tells me otherwise, I’ll gladly remove this section from this blog post.

Moral of the story
It’s simple: if something seems too good to be true, it probably is.

Any Twitter stream or web-site that offers Nokia Lumia 920 phones, Microsoft Surfaces, Xboxes and Kinects has to have some form of reputation. They should also have some terms and conditions governing how you may enter their competition and how they’ll go about effecting the draw. There will probably be issues relating to where they will ship the prize to (e.g. some countries may not be eligible). Importantly, there will be a publicity or privacy clause – most competitions will expect you to be publicly ecstatic about your win, but they will give you the option of privacy should you wish it. @wp_discovery had none of these in place…apart from assuming all supposed winners wanted 100% privacy.

They duped thousands of followers into thinking they stood a chance of winning a high-value prize. They claimed to have 5 phones and 2 Surfaces in their draws. Even as the follower count increased, 5 chances out of 9,000 or 10,000 has fairly good odds. At one point, near the end of their flurry of activity last month, they were suggesting anybody who asked could have a phone, any phone, just ask! I know that some “you’re a winner” direct messages were sent out, however as Gary explained in his post, @wp_discovery weaseled out of shipping prizes using a variety of tricks.

The upshot of it all was this: no real winners, merely folks who thought they had won something – @wp_discovery, most likely, wanted you to provide them with more personal information than would normally be required in any prize draw anywhere in the world.

You can protect yourself from similar [Twitter] scams in the future by doing as much research as you can. Use tools to help you, here are a few suggestions:

  • Use http://www.whendidyoujointwitter.com/ to help you work out how long a Twitter user has been on Twitter. If they joined recently, you have reason to investigate further.
  • Do they link to a web-site in their Twitter bio? It’s very easy to create a Twitter account and “go”. Creating a full web-site with contact details, legalese, etc. is another matter altogether.
  • Use Twitter Search to see what everybody else is saying about a Twitter user – if most of the @wp_discovery followers did this, they’d never have followed them in the first place.
  • Use Bing, Google or your favourite search engine – although the results will include more than just Twitter and may include sites that aggregate Twitter content making it hard to “see the wood for the trees”
  • Use linguistic analysis – look at the grammar usage, use of contractions (“it is” and “it’s”). If they link to third-party sites, compare the writing style. Consider small things like the orientation of smilies “:-)” vs “(-:”. There are lots of small clues to be found in careful analysis of the language constructs and word selections!
  • Use screenshots to help gather information. There are lots of [free] tools that can grab your screen automatically – these are great if you need to capture follows, unfollows or tweets that may have been deleted, etc. I’ve used TimeSnapper in the past – there’s a free version available.

There are plenty of other tools that you can use, feel free to share any that you find useful in the comments below.

Thanks for reading!

Protecting your #windowsphone intellectual property using Dotfuscator

Justin Angel‘s Windows Phone Marketplace Statistics post makes very interesting reading. Justin has done a stellar job downloading all of the Marketplace applications and performing a lot of statistical analysis.

I was particularly interested in one of the statistics: 97% of Marketplace apps aren’t obfuscated. On the off chance that you haven’t come across obfuscation yet, here’s something from Wikipedia to get you started:

Obfuscation is the concealment of intended meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret.
http://en.wikipedia.org/wiki/Obfuscation

Obviously this means that a mere 3% of the apps in the Marketplace have some form of obfuscation. Justin was looking for PreEmptive Solutions Dotfuscator signatures, which is currently the only Windows Phone obfuscator available. Regardless of the obfuscation monopoly, 3% for what is currently the de facto tool is surprisingly low and worrying. I think back to my days in academia and how source code was something to be protected. Getting your hands on somebody else’s code was (for some students) a real boon – if you were struggling, picking up a top student’s discarded source code could provide you with something which gave you a start. I witnessed this a few times, it happened “back in the day”, and I’m sure it still happens today.

Traditionally, we’ve used reflection to provide us with some insight as to the contents of .NET assemblies. We used, almost exclusively, .NET Reflector, although recently we’ve seen similar offerings from JetBrains (dotPeek) and Telerik (JustDecompile) to name but two other reverse engineering or decompilation tools. Typically, these tools look for .dll or .exe files. Windows Phone apps are deployed via a .xap file, so we need to crack open the .xap and extract the .dlls that we are interested in looking at. Given that .xap files are actually no more than .zip files, we can simply rename the .xap to .zip and pull out the .dlls from there.

An Example
About 20 years ago (ahem!), my Pascal tutor set us a programming exercise. The full details are documented in this post. In a nutshell, we had to create a [Pascal] program that accepted a letter A thru Z and plotted a text-based triangle, where the chosen letter was the “middle” of the triangle. Once you see the screenshot (and the code), all will become clear.

Needless to say, the problem wasn’t as simple as it sounded. As soon as students demonstrated a solution, others were keen to look at the algorithms and tricks used to arrive at the solution. The code below presents a re-hashed version of my original submission, updated slightly such that it runs as a Windows Phone app.

        private void button1_Click(object sender, RoutedEventArgs e)
        {
            char widest_char;
            int next_char, finish_char, wide, range, direction, position, spacelength, loop;

            widest_char = 'F';

            wide = (int)widest_char;
            direction = 1;
            spacelength = 1;
            position = 1;

            next_char = 66;
            finish_char = 65;

            range = 2 * (wide - finish_char);

            // Calculate initial left indent
            int mid = wide - 65 + 1;

            String firstLetter = Char.ToString((char)finish_char);
            firstLetter = firstLetter.PadLeft(mid + 1);

            textBlock1.Text = firstLetter + "\n";

            for (loop = 1; loop < range; loop++)
            {
                textBlock1.Text += (" ".PadLeft(mid - position));
                textBlock1.Text += ((char)next_char);

                textBlock1.Text += (" ".PadLeft(spacelength));
                textBlock1.Text += ((char)next_char);
                textBlock1.Text += "\n";

                next_char = next_char + (1 * direction);
                position = position + (1 * direction);
                spacelength = spacelength + (2 * direction);

                // Flip direction when the middle of the diamond is reached
                if (next_char == wide) direction = -1;
            }

            textBlock1.Text += firstLetter;
            textBlock1.Text += "\n";            
        }

Here's a screenshot of the output:

Visual Studio 2010 created a .xap file that was deployed to the emulator or physical device. In order to extract the .dll that makes up the diamond application, we rename the .xap file as a .zip file, from there it's just copy and paste.

It's a different story for dotPeek now. It can still inspect the .dll with ease, however the meaningful variable names have been largely lost. The crux of this particular code example revolves around the algorithm that is used to create the diamond shape - some students were very keen to get a glimpse of an algorithm! The algorithm is still very obvious from the code fragment below:

    private void button1_Click(object sender, RoutedEventArgs e)
    {
      char ch = 'F';
      int num1 = (int) ch;
      int num2 = 1;
      int totalWidth = 1;
      int num3 = 1;
      int num4 = 66;
      int num5 = 65;
      int num6 = 2 * (num1 - num5);
      int num7 = num1 - 65 + 1;
      string str1 = char.ToString((char) num5).PadLeft(num7 + 1);
      this.textBlock1.Text = str1 + "\n";
      for (int index = 1; index < num6; ++index)
      {
        TextBlock textBlock1 = this.textBlock1;
        string str2 = textBlock1.Text + " ".PadLeft(num7 - num3);
        textBlock1.Text = str2;
        TextBlock textBlock2 = this.textBlock1;
        string str3 = textBlock2.Text + (object) (char) num4;
        textBlock2.Text = str3;
        TextBlock textBlock3 = this.textBlock1;
        string str4 = textBlock3.Text + " ".PadLeft(totalWidth);
        textBlock3.Text = str4;
        TextBlock textBlock4 = this.textBlock1;
        string str5 = textBlock4.Text + (object) (char) num4;
        textBlock4.Text = str5;
        TextBlock textBlock5 = this.textBlock1;
        string str6 = textBlock5.Text + "\n";
        textBlock5.Text = str6;
        num4 += num2;
        num3 += num2;
        totalWidth += 2 * num2;
        if (num4 == num1)
          num2 = -1;
      }
      TextBlock textBlock6 = this.textBlock1;
      string str7 = textBlock6.Text + str1;
      textBlock6.Text = str7;
      TextBlock textBlock7 = this.textBlock1;
      string str8 = textBlock7.Text + "\n";
      textBlock7.Text = str8;
    }

Obfuscating the .xap using PreEmptive Solutions' Dotfuscator changes the playing field quite significantly. Whilst Dotfuscator can obfuscate a Windows Phone .xap file, we still have to rename it to a .zip before we can inspect the assemblies found inside it. Extracting the assembly that draws the diamond, then firing it through dotPeek results in the following, rather lengthy, code fragment:

    private void ᜀ(object A_0, RoutedEventArgs A_1)
    {
      int A_1_1 = 6;
      switch (0)
      {
        default:
label_2:
          char ch = 'F';
          int num1 = (int) ch;
          int num2 = 1;
          int totalWidth = 1;
          int num3 = 1;
          int num4 = 66;
          int num5 = 65;
          int num6 = 2 * (num1 - num5);
          int num7 = num1 - 65 + 1;
          string str1 = char.ToString((char) num5).PadLeft(num7 + 1);
          this.textBlock1.Text = str1 + MainPage.b("ሗ", A_1_1);
          int num8 = 1;
          int num9 = 1;
          while (true)
          {
            switch (num9)
            {
              case 0:
label_8:
                num2 = -1;
                num9 = 5;
                continue;
              case 1:
              case 4:
                num9 = 3;
                continue;
              case 2:
                if (num4 == num1)
                {
                  num9 = 0;
                  continue;
                }
                else
                  goto case 5;
              case 3:
                if (num8 < num6)
                {
                  TextBlock textBlock1 = this.textBlock1;
                  string str2 = textBlock1.Text + MainPage.b("㠗", A_1_1).PadLeft(num7 - num3);
                  textBlock1.Text = str2;
                  TextBlock textBlock2 = this.textBlock1;
                  string str3 = textBlock2.Text + (object) (char) num4;
                  textBlock2.Text = str3;
                  TextBlock textBlock3 = this.textBlock1;
                  string str4 = textBlock3.Text + MainPage.b("㠗", A_1_1).PadLeft(totalWidth);
                  textBlock3.Text = str4;
                  TextBlock textBlock4 = this.textBlock1;
                  string str5 = textBlock4.Text + (object) (char) num4;
                  textBlock4.Text = str5;
                  TextBlock textBlock5 = this.textBlock1;
                  string str6 = textBlock5.Text + MainPage.b("ሗ", A_1_1);
                  textBlock5.Text = str6;
                  num4 += num2;
                  num3 += num2;
                  totalWidth += 2 * num2;
                  num9 = 2;
                  continue;
                }
                else
                {
                  num9 = 6;
                  continue;
                }
              case 5:
                if (1 == 0)
                  ;
                switch (1 == 1 ? 1 : 0)
                {
                  case 0:
                  case 2:
                    goto label_8;
                  case 1:
                    if (0 == 0)
                      ;
                    ++num8;
                    num9 = 4;
                    continue;
                  default:
                    goto case 1;
                }
              case 6:
                goto label_15;
              default:
                goto label_2;
            }
          }
label_15:
          TextBlock textBlock6 = this.textBlock1;
          string str7 = textBlock6.Text + str1;
          textBlock6.Text = str7;
          TextBlock textBlock7 = this.textBlock1;
          string str8 = textBlock7.Text + MainPage.b("ሗ", A_1_1);
          textBlock7.Text = str8;
          break;
      }
    }

Clearly the Dotfuscator version is much harder to understand. This is about as far as most obfuscation methods can go: they won't make it impossible to reverse engineer your application, but they will make it very time-consuming for those trying to read and understand the code.

If you are planning to obfuscate your Windows Phone apps, be sure to test them after they have been obfuscated. Like any tool that alters code post-compile, there is a chance that something may cause your app to fail. As part of the Windows Phone SDK, the Application Deployment tool is your friend. It will let you deploy .xap files to the emulator or a physical device outside of Visual Studio 2010. In other words, once you've built and tested your app, after you've obfuscated the .xap, use the Application Deployment tool to re-test the deployment.
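One part of that post-obfuscation check can be scripted. The following is an added example, not code from the original post or from PreEmptive: it opens a .xap as the ZIP container it is and reports which identifiers from your source still appear in the packaged assemblies. The helper names, the Diamond.dll file name and the byte strings standing in for assemblies are constructed for illustration.

```python
import io
import zipfile

# Constructed stand-ins for the identifier table of an assembly (not real PE
# files). .NET metadata stores identifiers as NUL-terminated UTF-8 strings.
PLAIN_HEAP = b"\x00MainPage\x00button1_Click\x00textBlock1\x00"
# Mirrors the obfuscated listing above: the handler is renamed to U+1700,
# while MainPage and textBlock1 are still visible.
OBFUSCATED_HEAP = (b"\x00MainPage\x00" + "\u1700".encode("utf-8")
                   + b"\x00textBlock1\x00b\x00")

# Identifiers from the diamond example's source that we want to look for.
NAMES = ["button1_Click", "textBlock1"]


def build_sample_xap(assembly_bytes):
    """Build an in-memory .xap (a ZIP) holding one constructed assembly."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppManifest.xaml", "<Deployment/>")
        z.writestr("Diamond.dll", assembly_bytes)
    return buf.getvalue()


def surviving_names(xap_bytes, names):
    """Return {assembly name: [identifiers still present]} for each .dll."""
    if not zipfile.is_zipfile(io.BytesIO(xap_bytes)):
        # A package that is not a plain ZIP cannot be inspected this way.
        raise ValueError("not a ZIP container; cannot inspect")
    report = {}
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as z:
        for info in z.infolist():
            if not info.filename.lower().endswith(".dll"):
                continue
            data = z.read(info)
            # Match whole identifiers only: each one sits between two NULs,
            # so "textBlock1" does not match inside "textBlock10".
            report[info.filename] = [
                n for n in names
                if b"\x00" + n.encode("utf-8") + b"\x00" in data
            ]
    return report


if __name__ == "__main__":
    for label, heap in (("plain", PLAIN_HEAP), ("obfuscated", OBFUSCATED_HEAP)):
        print(label, surviving_names(build_sample_xap(heap), NAMES))
```

This is a heuristic over identifier names only; it says nothing about whether the obfuscated app still runs, which is what the Application Deployment tool re-test is for.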

Of course, if you are targeting Windows Phone Mango, all of this becomes rather academic. As Justin points out, from Mango onwards, .xap files will be DRM protected. Whilst your .xap will be downloadable from the Marketplace, the file itself can't be cracked open in the same way I mentioned earlier in this post. However, if you are planning to target Windows Phone 7.0 "NoDo" 7392/7390 builds, obfuscation might be something for you to consider.

Survey: 3-D Secure, Verified by Visa, MasterCard SecureCode

I would like to draw your attention to a “5 click” survey that will help Anthony Bouch progress with his MSc in Information Security. You would be doing Anthony a huge favour by completing his anonymous survey!

It’s a very short survey, you don’t even have to enter any text if you don’t want to, here’s a snapshot of it:

You could use that last question to mention the fact that Amazon currently does not implement 3-D Secure, Verified by Visa or MasterCard SecureCode and that you believe they should!

It’s one thing clearing your tracks, but make sure you clear out index.dat too

Readers who are sensitive to shocking content should stop reading now – the following screenshot contains text that might offend!

I am asked on a rather regular basis to “fix” laptops and desktops. Typically they’ve started running slower or have started to automatically run applications that perform untoward actions. “Internet Security 20xx”-type of applications seem to be more common; certainly the last 5-6 laptops that I’ve been asked to fix have had some variation installed. If you’re running good anti-virus software, you don’t need anything else. If you’re browsing the web and are suddenly told “your computer is infected, click here to fix it”…it’s probably a hoax.

Today, I was invited to deal with a blue screen of death on a friend’s laptop. On the surface, it looked like it was a driver issue stemming from Nero. However further inspection revealed a sordid history!

I use CCleaner as part of my regular Windows maintenance. It’s a great application that will remove unwanted files from your PC, without actually breaking it. Fewer files on your hard drive mean that anti-virus, malware scanners, etc. can run a little faster – they’ve got fewer files to scan.

By default, CCleaner will clear any temporary internet files left behind by your browser of choice. My friend was using Internet Explorer…whilst the temporary files had been cleaned up, the index.dat file had not. If you are using Windows 7, the index.dat file can be found here: C:\Users\<>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5. Essentially, it contains a list of the sites you’ve visited, even if you’ve cleared out your temporary internet files.

Upon inspection of the index.dat file, it was soon clear why the laptop was experiencing problems!

Busted. Next time, my friend will remember to check the index.dat box in CCleaner! I should note that this isn’t the most offensive list of sites that I’ve discovered whilst cleaning up a PC – I couldn’t bring myself to take a screenshot from that PC!

Further reading:

Browser history can help determine rebuild vs clean up, but can be revealing…
“It wasnae me” – browser history, real world example 2

Fake “Amazon.com – Your Cancellation” e-mail

I received an item of e-mail purporting to be an Amazon order cancellation. It looked fairly authentic: to the untrained eye with some curiosity, you may be fooled into clicking on the ORDER DETAILS link. If you are in the UK, one of the key clues is the fact that this e-mail is reporting itself as originating from amazon.com – in the UK we would expect such e-mail to come from amazon.co.uk. The same could be said for other non-.com editions of the Amazon site.

Closer inspection reveals that the ORDER DETAILS link doesn’t go to an Amazon web-page, but to a completely different site…in this case you’ll be taken to a site that offers you tablets for helping make something bigger! However, there’s nothing to tell you how dangerous the destination site is…a single click can cause a lot of damage.

I use MailWasher Pro as my client-side anti-spam filtering tool, it’s kind enough to expand links in e-mails such that the true destination is revealed, as the screenshot below demonstrates:

The learning experience behind this blog post is that you should never trust links at face value. Always hover the mouse over the link and see where it ultimately leads to: if it’s not going where you expect it to be going, resist the temptation to “just click on it”! If hovering the mouse over the link doesn’t help you, see if you can find the message source (in Outlook, right-clicking on an e-mail and choosing Message Options lets you look at the “Internet Headers” and the raw message).

FYI, here’s the full body of the original e-mail.

Received: ... from forum.mbfpro.biz ([94.23.20.147])
by twx8...com with smtp (Exim 4.69)
(envelope-from )
id 1No5Qd-0001Xk-S3
for ...; Sun, 07 Mar 2010 01:37:14 +0000
Date: Sat, 6 Mar 2010 23:59:45 +0400 (UTC)
From: "order-update@amazon.com"
To:
Message-ID: <151840.7152476933828043636.JavaMail.correios@na-mm-relay.amazon.com>
Subject: Amazon.com - Your Cancellation (0713-48571-25595)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-AMAZON-CLIENT-HOST: online-gp-48l06.iad9.amazon.com
Bounces-to: 20103c7b52838824c217f09b0630caf76b94d527f4@bounces.amazon.com
X-AMAZON-MAIL-RELAY-TYPE: notification
X-AMAZON-RTE-VERSION: 2.0
X-Spam-Status: No, score=4.1
X-Spam-Score: 41
X-Spam-Bar: ++++
X-Spam-Flag: NO

<html>
<head>
<title>Amazon.com - Your Cancellation
</head>
<body bgcolor="#FFFFFF" link="#0066CC">

Dear Customer,
<br />
Your order has been successfully canceled. For your reference, here`s a summary of your order:<br />

You just canceled order #859-8266172-041110

<br />Status: CANCELED

_____________________________________________________________________<br />

<a href="http://almedicgroup.com/robbie.html">ORDER DETAILS</a><br />
Sold by: Amazon.com, LLC
<br />
_____________________________________________________________________<br /><br />
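The two checks described above (where the ORDER DETAILS link really points, and what the raw headers say about the sending host) can be run over a saved message source. This is an added example, not part of the original post: the sample is an abridged, constructed copy of the message quoted above, with example.test placeholders for the elided recipient details, and the function names are hypothetical.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, abridged from the message source quoted in the post.
RAW_MESSAGE = (
    "Received: from forum.mbfpro.biz ([94.23.20.147])\n"
    " by mx.example.test with smtp (Exim 4.69)\n"
    " for <reader@example.test>; Sun, 07 Mar 2010 01:37:14 +0000\n"
    "Date: Sat, 6 Mar 2010 23:59:45 +0400 (UTC)\n"
    'From: "order-update@amazon.com" <order-update@amazon.com>\n'
    "To: <reader@example.test>\n"
    "Subject: Amazon.com - Your Cancellation (0713-48571-25595)\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "Content-Transfer-Encoding: 7bit\n"
    "\n"
    "<html><body>\n"
    "Your order has been successfully canceled.<br />\n"
    '<a href="http://almedicgroup.com/robbie.html">ORDER DETAILS</a><br />\n'
    "Sold by: Amazon.com, LLC\n"
    "</body></html>\n"
)

# "from <host> ([<ip>])" as it appears in the Received header quoted above.
RELAY_RE = re.compile(r"from\s+(\S+)\s+\(\[([0-9A-Fa-f.:]+)\]\)")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def analyse(raw):
    """Return (claimed sender domain, findings that do not match it)."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg["From"] is None or not msg["From"].addresses:
        raise ValueError("message has no usable From header")
    from_domain = msg["From"].addresses[0].domain.lower()
    findings = []

    # The topmost Received header is the one added last, by the recipient's
    # own mail server, so it is the one to read first.
    received = msg.get_all("Received", [])
    match = RELAY_RE.search(str(received[0])) if received else None
    if match and not host_in_domain(match.group(1), from_domain):
        findings.append(("relay", match.group(1), match.group(2)))

    # Compare every link target with the domain the message claims to be from.
    collector = LinkCollector()
    collector.feed(msg.get_content())
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        if not host_in_domain(host, from_domain):
            findings.append(("link", text, host))
    return from_domain, findings


if __name__ == "__main__":
    domain, issues = analyse(RAW_MESSAGE)
    print("claimed sender domain:", domain)
    for issue in issues:
        print("mismatch:", issue)
```

A relay that does not belong to the sender's domain is not proof on its own, since legitimate senders use third-party mail services; the link mismatch is the stronger signal here.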

Security – Events and webcasts (July)

If you are interested in attending any of these webcasts, remember that we are +8 hours ahead of Pacific time, i.e. 1100 Pacific is 1900 here in the UK.

Security Webcast Calendar
Find security webcasts listed in an easy-to-use calendar format:
http://go.microsoft.com/fwlink/?LinkId=37910

Upcoming Security Webcasts
Register for the following Webcasts:
http://www.microsoft.com/events/security/upcoming.mspx

TechNet Webcast: Information About Microsoft July Security Bulletins (Level 200)
Wednesday, July 15, 2009 11:00 A.M.-12:30 P.M. Pacific Time

TechNet Webcast: Windows 7 Enhanced Security and Control (Level 300)
Wednesday, July 15, 2009 10:00 A.M.-11:00 A.M. Pacific Time

TechNet Webcast: Protecting Your Data with Windows 7 BitLocker and BitLocker To Go (Level 300)
Wednesday, July 29, 2009 10:00 A.M.-11:00 A.M. Pacific Time

On-Demand Security Webcasts
http://www.microsoft.com/events/security/ondemand.mspx

Security Awareness Materials:
Guidance, samples, and templates for creating a security-awareness program in your organisation

Learn Security On the Job:
Learning Paths for Security – Microsoft Training References and Resources

Visit TechNet Spotlight: www.microsoft.com/technetspotlight
Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more.

Security – Reading: Windows 7 focus

With Windows 7 reaching its RTM build very soon, it’s worth keeping up to speed with the security features that are available to us. Microsoft has been kind enough to provide us with a wealth of documentation, some of which I’ve chosen to list here:

What’s New in Client Security
Get a quick overview of new security features in Windows 7, and changes to security features and technologies from Windows Vista.

BitLocker Drive Encryption Deployment Guide for Windows 7
Delve deep into the various aspects of deploying BitLocker Drive Encryption on computers running Windows 7 Enterprise or Windows 7 Ultimate from using certifications and smart cards to enabling BitLocker by using the command line.

BitLocker Drive Encryption Step-by-Step Guide for Windows 7
Designed to help you become familiar with BitLocker Drive Encryption in a Windows 7 test environment, this guide details basic information and procedures you need to start configuring and deploying BitLocker in your organization.

Implementing and Administering the ActiveX Installer Service in Windows 7
Learn how to use the ActiveX Installer Service to manage the deployment of ActiveX controls by using Group Policy on computers in an organization.

AppLocker Step-by-Step Guide
This step-by-step guide is designed to help administrators become familiar with AppLocker by providing the instructions needed to set up AppLocker in a test lab environment. Each scenario provides basic information and procedures that administrators can use to start configuring and deploying AppLocker in their network environments.

How to Turn Off Security Messages and Other System Notifications in Windows 7
Windows 7 gives you more control over the Security Messages and other Notifications you may or may not want to receive. Learn how, for starters, you can configure how notifications are handled on the Taskbar—choosing to hide certain types of notifications, such as Action Center messages, Network messages, Windows Update Automatic Updates messages, and so on.

Internet Explorer 8 Enhanced Security Configuration
Internet Explorer Enhanced Security Configuration places your server and Internet Explorer in a configuration that decreases the exposure of your server to potential attacks that can occur through Web content and application scripts. Learn more about this configuration and browser security best practices.

UK, London 20-24 April 2009: Windows OS Internals & Advanced Troubleshooting

What:
US MVP David Solomon is running a Windows OS Internals & Advanced Troubleshooting class

When:
April 20th-24th

Where:
London, UK

Description:
A public offering of David Solomon Expert Seminar’s hands-on Windows OS Internals & Advanced Troubleshooting class is taking place in London on April 20-24. Gain a deep understanding of the internals of the core operating system components and how to leverage advanced troubleshooting tools to dig beneath the surface when things go wrong.

Registration:
The URL to register and for more details is http://solsem.com/london.html

Win32/Conficker.B/Downadup infections

In short: make sure your system is patched for MS08-067 – use Windows Update to help you.

—————————————————————————

Abstract
Based on feedback, Microsoft is concerned about the rise in reported infections due to the worm Win32/Conficker.B, also known as “Downadup.” Though systems that have already applied MS08-067, released out-of-band in October 2008, are protected, users of unpatched systems have experienced system lockout and other problems.

Last week, Microsoft released a version of the Malicious Software Removal Tool (MSRT) that can help remove variants of Win32/Conficker, along with other resources.

Background
Win32/Conficker.B exploits a vulnerability in the Windows Server service (SVCHOST.EXE) for Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows 2008. While Microsoft addressed this issue in October with Microsoft Security Bulletin MS08-067, and Forefront antivirus and OneCare (as well as other vendors’ antivirus products) helped protect against infections, many systems that have not been patched manually, through Server Update Services and Microsoft/Windows Update, or through Automatic Updates have recently come under attack by this worm. Attacked systems may lock out users, disable our update services and block access to security-related Web sites.

In response to this threat, Microsoft has:

  • Updated the January version of the MSRT to detect and remove variants of Win32/Conficker.B. You can download this version of the MSRT from either the Microsoft Update site or through its associated Knowledge Base article (see next bullet point).
  • Created the KB article 962007 “Virus alert about the Win32/Conficker.B worm” to provide public details on the symptoms and removal methods available to address this issue.
  • Announced the release of the items and the virus threat itself on the Microsoft Malware Protection Center blog.

It is Microsoft’s hope that these resources can assist you in resolving issues with unpatched, infected systems and that you can apply MS08-067 to any other unpatched systems as soon as possible to avoid this threat.


Don’t be fooled… GoMessenger – Subject: You’re BLOCKED

I’m sure that regular readers wouldn’t be caught by this, however, it’s a timely reminder to be extra careful with your passwords!

I received an e-mail today “Subject: You’re BLOCKED” claiming to be from MSN Messenger. My e-mail spam filter reacted and blacklisted it automatically.

However, you might be tempted by its content; it reportedly will tell you who has blocked you on MSN Messenger…

My advice is simple: ignore it. There are a few clues on the page that suggest it’s not as professional as it seems: “This site not modify your nickname”. Why would it do that? Why would it need to say that? Plus, it’s not grammatically correct. These are just a few clues. Diving into the source code for the page suggests that there’s some Google Ad scam going on too.

Even if it does what it says it will do, it’s still harvesting your password, which is something we need to avoid.


Regulate the Internet? The banks were regulated…

I don’t usually dive into the political sector in this blog, however since this topic has a technology theme about it, I’m making an exception!

In a recent newspaper interview, Andy Burnham, the secretary of state for the Department of Culture, Media and Sports (DCMS), expressed his desire to regulate the Internet. Mike Butcher over at TechCrunch does a good job of writing it up, so I won’t bore you with my musings on the subject. Mike’s article can be found here: UK government wants to regulate the Inter Tubes

Of course, we know that the same Government-owned civil servants were responsible for regulating the UK banking system; look what happened to that. It’s probably fair to say that if the Government wants to regulate something, it has to have a demonstrable track record and it really should finish what it started with the banking crisis.

Until the Government realises that regulation isn’t necessarily the answer, send your comments about regulating the Internet to Andy via his recently set up Twitter account (30/12/2008 update: this account is now suspended, presumably awaiting the real Andy Burnham to claim it…how long will we have to wait?)


047 – Stephen Lamb on security, community, Linux and Twitter

Fifth in the Twelve Podcasts of Christmas 2008!


Stephen, with the TVP Building 2 Christmas tree in the background!


“Identity management is important. As soon as folks know what you look like, every Santa and his elf want to podcast with you!”


One of Stephen’s sessions at the Birmingham launch (mentioned in the podcast!)

Heroes Happen Here

Earlier this year, 2008, Birmingham was host to the Microsoft Heroes Happen Here product launch. VBUG’s Andrew Westgarth and myself were allowed to roam around recording interviews with many of the Microsoft Executives and Microsoft evangelists!

In this podcast, we’re sitting on a comfortable sofa with Microsoft’s Stephen Lamb. Recorded in March 2008, it is before Stephen switched to his PR role, so the topic is security. However, HHH was a community event too, so we chat about community for a bit too.

I do have a more recent podcast with Stephen, recorded early December 2008. It covers Stephen’s new PR role and will be released as part of the Twelve Podcasts of Christmas!

Podcast feed – subscribe here!

This podcast: http://www.craigmurphy.com/podcasts/047-Stephen-Lamb.mp3

Resources
Eileen’s blog
Andrew Fryer’s blog
Stephen Lamb’s blog
Viral Tarpara’s blog

The Twelve Podcasts of Christmas 2008
01 – Kyle Baley on ALT.NET and Brownfield Development in .NET
02 – Aaron Parker on Microsoft Application Virtualisation
03 – Caroline Bucklow from IT4Communities: charitable software development
04 – Eileen Brown on IT Professionals, TechNet, Women In Technology & Girl Geek Dinners
05 – Stephen Lamb on security, community, Linux and Twitter
06 – Cristiano Betta on Geek Dinners
07 – David Yack and Jonathan Carter on ALT.NET, MVC and Community
08 – Andrew Fryer on SQL Server 2008 and “upgrade”
09 – Viral Tarpara on Collaboration, SharePoint, Open Source (Port 25) and Community
10 – Guy Smith Ferrier on Internationali[s|z]ation, VS2008, .net 3.5, C# language features
11 – Matt Dunstan on event management, “engagement” and life as an Application Platform Manager
12 – Stephen Lamb on his new role in marketing / PR
