Archive for March, 2007

CyTRAP Labs advisory - Microsoft Internet Explorer - zero-day exploit

Thursday, March 29th, 2007

Microsoft Internet Explorer 6 AND 7 (Windows XP - with Service Pack 2 or SP2) can be exploited. A remote attacker can execute arbitrary commands because of an unpatched vulnerability.


CyTRAP Labs security risk barometer
1 = low, 2 = elevated, 3 = moderately critical, 4 = critical, 5 = severe

For more information about the CyTRAP Labs risk barometer you can visit here:

CyTRAP Labs security risk barometer.

_What can you do?_

operating system affected: Windows XP - with Service Pack (SP) 2 vulnerability
affected software: Internet Explorer 6 AND 7
risk: 3 - moderately critical. One must use Internet Explorer and visit a malicious web site to get infected.
where is the patch? There is a patch to download.

If you have Automatic Update activated, you have to do nothing; your PC will download this patch soon.

If you want to check if it works properly, please see further below for advice from CASEScontact.org.

our recommendation: Download Firefox - 2 x as fast as Internet Explorer

Download K-Meleon 1.06 - 3 x as fast as Internet Explorer - uses the same program code as Firefox

what is the problem? Windows XP has a vulnerability that can be exploited with the help of Internet Explorer, not with Firefox.

By tricking you into visiting a malicious web page or viewing an email message containing a specially crafted ANI file, the remote attacker can get arbitrary commands executed on your system.

where can one get more details? Get more details from CT110097 - CASEScontact.org advisory, including how to check if Automatic Update works properly

German version here:

- 2007-04-03 - Microsoft releases an unscheduled security bulletin for April


Uncategorized | No Comments »

Advisory CyTRAP Labs - Microsoft Internet Explorer 6 and 5 could crash

Thursday, March 29th, 2007

Microsoft Internet Explorer 5 AND 6 (Windows XP - with Service Pack 2 or SP2) can crash because of a vulnerability.


CyTRAP Labs advisory system
1 = low, 2 = elevated, 3 = moderately critical, 4 = critical, 5 = severe

For more information about the CyTRAP Labs risk barometer you can visit here: CyTRAP Labs advisory system

_What can you do?_

operating system affected: Windows XP - with Service Pack (SP) 2
affected software: Internet Explorer 5 & 6
risk: 3.67 - critical
where is the patch? Unfortunately, there is no patch to download. You can do some magic on your machine’s registry but we do not recommend doing this.
A simpler way is to use Internet Explorer 7. But we recommend you switch to another browser that is also much faster than IE.
our recommendation: Download Firefox - 2 x as fast as Internet Explorer

Download K-Meleon 1.06 - 3 x as fast as Internet Explorer - uses the same program code as Firefox

what is the problem? Internet Explorer has a vulnerability that may result in the program crashing if a pop-up window is used when surfing a web site.
where can one get more details? Get more details from CT110096 - CASEScontact.org advisory


Uncategorized | No Comments »

If you have Office 2007 - you get the choice of default format for new documents

Wednesday, March 28th, 2007

If you have Office 2007 installed on your machine, you can use either the new formats or you can change the default format back to

- .doc or

- .xls etc.

However, we suggest you switch Office 2007 applications to the old document formats since most of your peers will otherwise be unable to open the document.

For Office 2000, 2002 or XP users, we pointed out that they could get the FREE compatibility pack to read files from Office 2007 (e.g., Word or Excel) here:

- CyTRAP Lab’s Choice - free tool - Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 file formats

But you need to be careful, because the requirements for the Compatibility Pack say:

    ‘please install all High-Priority updates from Microsoft Update before downloading the Compatibility Pack’

That’s a fairly standard wording but in this case Microsoft really means it.

Some of our colleagues discovered that unless you have a fully up-to-date version of Office with all the service packs and security packs to date, the Compatibility Pack may not work fully. One of our colleagues discovered that it worked for Word but not Excel or PowerPoint.

Add the Office patches (however minor and irrelevant they might seem) and all is well.

Need step-by-step instructions on how to get the Windows and MS Office patches installed on your computer before getting the Microsoft Office Compatibility Pack? No problem, check this link, it works:

- CyTRAP Labs Tip - What to do if you are not sure if your Automatic Windows Update works properly and you have all the updates for MS Office and Windows on your PC?

_Please Keep in Mind_

If you use Office 97 or a previous version, unfortunately, Microsoft has not supplied a compatibility pack. It probably never will.

However, you can get a free service to convert documents using a conversion process. But it is not as complete as what the compatibility pack from Microsoft offers:

- converting Microsoft Office 2007 documents for use with Microsoft Office 97

Another possibility is to use the free Office Viewers with the compatibility pack; this will let you open .docx files, then copy and paste the contents into a standard document.

_PS._

In German you can get this posting within 24 hours here:

- You use Office 2007? Then decide which format should be used for saving files


Uncategorized | No Comments »

CyTRAP Labs - choice - tool - PasswordSafe - never forget another password

Sunday, March 25th, 2007

Usernames and passwords are important for protecting data. Unfortunately, how is one to keep track of all of them?
It is better to write down passwords than not to be able to remember them, but unless you put them in a safety box, writing them down on a piece of paper that a thief can find on your desk is not very helpful.
Here we provide you with a nifty tool to lock up your passwords safely on your PC’s hard drive.

_Problem_

We all have to keep track of tons of usernames and passwords. Naturally, we do not want to keep a list of passwords on our desks… but how to keep track of all these passwords that should be changed every 3 months?

_Solution_

Get a program that allows you to write down all usernames and passwords while keeping them safe and secure on your hard drive.

_Facts about PasswordSafe V3.06_

cost: freeware - GNU General Public License (GPL)
software: PasswordSafe V3.06
release date: 2007-02-15
platforms: Win 95/98/NT/2000/XP, Pocket PC, Linux/Unix
author: Counterpane - Bruce Schneier and many more
languages: German, English
size of download: 950 KB
download: free PasswordSafe V3.06
more information: FAQ and more Info about PasswordSafe V3.06

PasswordSafe V3.06 has the advantage that it is extremely easy to operate and runs fast and easily in the background if this is desirable.

_Evaluation sheet about PasswordSafe V3.06_

advantages: It takes very few resources, starts fast and is always available if need be. One does not have to do much: click on the name of the account, right-click the mouse and connect to the URL. Then paste the password (CTRL+V) into the password field and it’s done.

This way, keyloggers have no chance, since the password is not being typed when logging into one’s account or online banking service.

disadvantages: There might be a few but we are not really aware of any and we have been using this program for quite some time.


Uncategorized | 6 Comments »

NIST time synchronization failed to work for some time

Monday, March 19th, 2007

A short while back we posted a story here about changes regarding daylight saving time in North America.

- Compliance & configuration management - Daylight Saving Time - Don’t let your computer fall behind

However, things have not been working perfectly. In fact, people have discovered that time synchronization with the NIST servers failed to work properly for about a week. It still fails over here in Europe, at least on our machines.


It is a surprising mishap, because NIST provides us with all these wonderful information security guides and checklists that help us better protect our systems. Just have a look at our sister newsblog, EU-IST News; it’s quite interesting how long it seems to be taking.

- NIST information security standards …. but Internet time synchronization still fails


Uncategorized | No Comments »

Advisory CyTRAP Labs - Xbox live accounts are being stolen

Sunday, March 18th, 2007

Be careful with your Xbox live account since your identity may be stolen, including your valuable points. Hackers are exploiting a weakness right now.

Of course, this warning is important to Xbox live account holders and Zune player users only. If you are one, better read on!

Get the German story about this here:

- Warning CyTRAP Labs - Xbox accounts were cracked by hackers

CyTRAP Labs advisory system
low, guarded, moderately critical, critical, severe

==> For more information about the above scale see CyTRAP Labs risk monitor - risk barometer explained

_Risk analysis - Xbox update_

category: Overall risk
in short: We assess the overall risk by looking at the threat, vulnerability and impact as moderately critical.
Why: Unless you visit Xbox right now you should be okay, but if you do, watch out, it is being exploited right now.
Risk: Watch out, it works like identity theft and it happens faster than you think. Since Microsoft admits that it is apparently unable to do anything right now against these hackers, be careful.
scale: critical - 4

_Facts_

Rumor going around is that Bungie.net was hacked and that a portion of Xbox live has been taken over because of it. The result is that some people are having their Microsoft points stolen and/or points purchased via their stolen gamer tag.

Xbox live technical support people seem to have confirmed this stating that accounts are being stolen and that:

“Hackers have control of Xbox live and there is nothing we can do about it”

_Important_

Here is someone on YouTube with the same problem, using a capture card to get the person on video talking about stealing people’s accounts. The person being ‘interviewed’ says that he can steal any account on one’s Xbox with just one’s IP address.

While one side of the conversation has been cut out, you can clearly hear the gentleman talking about stealing the account.

- Video - how it is being done - watch and wonder - “Your shit is getting jacked just so ya know” - The FB Hacker Discovered

_PS._

1) Microsoft points are directly tied to $$$

2) 2000 points get the user the equivalent of about U.S. $25.

3) Zune Market Place and Xbox live share the same system for points / dollars.

_UPDATE_

Here is an exhaustive list of people experiencing the problem as well as a possible source of the account theft:

- Clan Infamous

The criminals claim to be Xbox live employees. Hence, using pretexting (i.e. the practice of getting somebody’s personal information under false pretenses) they collect account details from their victims.


Uncategorized | No Comments »

CyTRAP Labs - Choice - more than 150 free Microsoft software packages

Saturday, March 17th, 2007

_Problem_

Whenever one has to create a new document for Word or Excel, it is usually quite time-consuming.

To save time, Microsoft has up on its website over 300 templates you can download for free for Excel, Word and Powerpoint applications, things you never dreamed possible and much down to earth stuff (e.g., spreadsheet stuff for accounting).

CyTRAP Labs’ Choice - free templates - more than 300 for Microsoft Office

The above lists them according to applications, such as calendar, invitations for business reception, reminder to pay bill, etc.

Incredible resource. These are templates that allow you to work faster with MS Office, shared by Microsoft customers by donating their template(s) and uploading them to Microsoft’s website.

However, below there are some free programs you may want to use with MS Office. You did read correctly, while the above things are give-aways from Microsoft customers to Microsoft customers, below we have some goodies for you that Microsoft is giving away for FREE.

_Question_

So Microsoft publishes a few programs that it distributes for free (e.g., Microsoft Messenger). Unfortunately, it takes a lot of time to find these goodies because Microsoft has chosen not to list them all on one webpage; instead you have to search and dig for them to find these gems.

NO MORE! Below we provide you with a link to a resource that has all these programs listed on one webpage…. no more searching and wasting of time…. one click away.


_Solution_

This site lists the free Microsoft programs for:

- Windows XP

- ebooks

- utilities

- support and troubleshooting (e.g., Windows Installer CleanUp Utility can remove a program’s configuration information if you are experiencing installation (Setup) problems; very handy indeed).

Get the whole list with OVER 150 MICROSOFT FREEBIES HERE:

- ultimate list of free windows software - MS-Office - utilities, tools and so on from Microsoft

Next week we will bring you some more goodies of this kind.


Uncategorized | No Comments »

CyTRAP Labs - Tip - Windows 98 - get service packs

Thursday, March 15th, 2007

_Problem_

Microsoft has abandoned its support for Windows 98.

_Question_

How can one get the updates?


_Solution_

This classic Windows 98 site is still being updated and is a mandatory visit for all Win98 users. The resources offered are extensive.

- resources include a downloadable unofficial Windows 98 Service Pack 2

- a tutorial teaching how to incorporate ME enhancements into Win98 and

- much more.

There is a small disadvantage: the site layout will give you eye strain, but that’s a small price to pay for the great tips and utilities you can get for free.

- MDGx Max Speed - WinDOwS - Tricks · Secrets · Bugs · Fixes … Serving strictly the BEST tweaks to millions of readers since 1993

More tools this week and next week, so stay tuned.


Uncategorized | No Comments »