404 Tech Support

It appears there is a malvertisement (malware being delivered through website ads) attack campaign in full force and after today I’d guess it’s on the up-swing. After having a number of people in separate physical locations report the exact same malware installed on their machine, things start looking bad. I’m never one for jumping to trends and hopping to conclusions, but I know what makes for a bad day. XP Internet Security 2010 is a Fake AntiVirus that will get installed on your machine and start reporting infections and trying to get you to buy it. (It’s a scam! Don’t give them any money!) The worst thing, however, is that the malware tools currently aren’t detecting it or able to remove the infection.

On February 16th, the United States government participated in a war game that was different from any others in recent years. Moving from the conventional attacks, threats, and worries of the past this most recent war game started with our digital infrastructure. An app was downloaded by over 20 million smart phones called March Madness. This app activated a malicious bit of code right before this simulation began and proved itself to be a worm that spread to other phones through your contact list. Meanwhile, the president’s “cabinet members” (played by former senior administration and national security officials) have convened to advise the president and plan a reaction as more intelligence and news is presented in real time.

Wednesday, I was able to check off another one of those things on the ‘To Do at least Once in your IT Career’ list by degaussing hard drives. Degaussing a hard drive means using a device that generates a strong electromagnetic field to wipe the data on the drive. This is an important step that I’ve mentioned before in the ‘Before you Recycle/Garbage that Old Computer‘ article to ensure your security and privacy; it is also required for compliance with state law for my office. Normally, we would use DBaN but that could take 20 to 60+ minutes per drive depending on the capacity and condition of the drive. The degaussing process takes about 20 seconds per drive (5-10 seconds per side). Since another IT office had just got the degausser, I decided to take it for a spin and wipe 250 drives in the time we would normally be able to do 8 (good) drives with DBaN.

Adobe is in rapid-fire for releasing updates lately and with the bugs, crashes, and exploits that keep being discovered, they need to be. A few days over a month after version 9.3 patches were released for Adobe Reader and Adobe Acrobat, 9.3.1 is released to address further concerns

From the related Adobe Security Bulletin:

A critical vulnerability has been identified in Adobe Reader 9.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3 for Windows and Macintosh, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. As described in Security Bulletin APSB10-06, this vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. In addition, a critical vulnerability (CVE-2010-0188) has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Following yesterday’s article detailing the ins-and-outs of OpenDNS, I have also been working on providing some context about why you should consider utilizing OpenDNS. I’m not affiliated with OpenDNS in any way though I am very impressed with their product, so I tend to come off a bit like I have a sales pitch; as I was telling my wife about it last night, she asked “What do you get out of this?”. I get nothing out of it when other people to find OpenDNS, but for my own network I would get fewer support calls and happier, more productive customers. That’s the reason I recommended it to her and the same reason I, as your Friendly Neighborhood IT guy, recommend it to you.

OpenDNS offers a service to all Internet users that goes to the core of networking to improve security, privacy, and performance. As a home user, you typically just use the DNS service that your ISP provides. The DNS (Domain Name System) server that your computer connects to has the responsibility to translate URLs that you want to visit into the IP Network Addresses of the servers that host those sites for your computer. OpenDNS provides the same basic translation as your ISP, but faster and with a few advanced features that you won’t get through your ISP or even Google Public DNS.

Deploying software through group policy is a great way to ensure all computers are up-to-date and running the same version but unfortunately, not everything runs as smoothly as we would like. I ran into a problem last Friday trying to deploy the updated Java RE 6 Update 18 where the antivirus would tie up the installer until the install process timed out. This only happened on 5 machines out of hundreds, but through it I think I found some best practices to do when you have a hung deployment trying to install on a computer.

CompTIA announced earlier this month that its certification programs would undergo a huge overhaul in order to maintain their accreditation from the International Organization for Standardization in a press release titled ‘CompTIA Announces Plan to Help IT Professionals Keep Skills Up-To-Date’. Instead of CompTIA’s certifications being good for life as they traditionally have, they are now set to expire in 3 years. As someone holding CompTIA’s A+ and Network+ certifications and studying for the Security+ certification test, this was very relevant to me.