Archive for April, 2008

Fixing registry errors

April 29th, 2008
1. Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.
2. When the “Welcome to Setup” screen appears, press R to start the Recovery Console.
3. If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.
4. When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.
5. At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:

md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default

6. Type exit to quit Recovery Console. Your computer will restart.

Note This procedure assumes that Windows XP is installed to the C:\Windows folder. Make sure to change C:\Windows to the appropriate windows_folder if it is a different location.

If you have access to another computer, to save time, you can copy the text in step five, and then create a text file called “Regcopy1.txt” (for example). To use this file, run the following command when you start in Recovery Console:

batch regcopy1.txt

With the batch command in Recovery Console, you can process all the commands in a text file sequentially. When you use the batch command, you do not have to manually type as many commands.

Part two

To complete the procedure described in this section, you must be logged on as an administrator, or an administrative user (a user who has an account in the Administrators group). If you are using Windows XP Home Edition, you can log on as an administrative user. If you log on as an administrator, you must first start Windows XP Home Edition in Safe mode. To start the Windows XP Home Edition computer in Safe mode, follow these steps.

Note Print these instructions before you continue. You cannot view these instructions after you restart the computer in Safe Mode. If you use the NTFS file system, also print the instructions from Knowledge Base article KB309531. Step 7 contains a reference to the article.

1. Click Start, click Shut Down (or click Turn Off Computer), click Restart, and then click OK (or click Restart).
2. Press the F8 key.

On a computer that is configured to start to multiple operating systems, you can press F8 when you see the Startup menu.

3. Use the arrow keys to select the appropriate Safe mode option, and then press ENTER.
4. If you have a dual-boot or multiple-boot system, use the arrow keys to select the installation that you want to access, and then press ENTER.

In part two, you copy the registry files from their backed up location by using System Restore. This folder is not available in Recovery Console and is generally not visible during typical usage. Before you start this procedure, you must change several settings to make the folder visible:

1. Start Windows Explorer.
2. On the Tools menu, click Folder options.
3. Click the View tab.
4. Under Hidden files and folders, click to select Show hidden files and folders, and then click to clear the Hide protected operating system files (Recommended) check box.
5. Click Yes when the dialog box that confirms that you want to display these files appears.
6. Double-click the drive where you installed Windows XP to display a list of the folders. It is important to click the correct drive.
7. Open the System Volume Information folder. This folder is unavailable and appears dimmed because it is set as a super-hidden folder.

Note This folder contains one or more _restore{GUID} folders such as “_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}”.

Note You may receive the following error message:

C:\System Volume Information is not accessible. Access is denied.

If you receive this message, see the following Microsoft Knowledge Base article to gain access to this folder and continue with the procedure:

309531 (http://support.microsoft.com/kb/309531/) How to gain access to the System Volume Information folder

8. Open a folder that was not created at the current time. You may have to click Details on the View menu to see when these folders were created. There may be one or more folders starting with “RPx” under this folder. These are restore points.
9. Open one of these folders to locate a Snapshot subfolder. The following path is an example of a folder path to the Snapshot folder:

C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot

10. From the Snapshot folder, copy the following files to the C:\Windows\Tmp folder:

_REGISTRY_USER_.DEFAULT
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_MACHINE_SAM

11. Rename the files in the C:\Windows\Tmp folder as follows:

Rename _REGISTRY_USER_.DEFAULT to DEFAULT
Rename _REGISTRY_MACHINE_SECURITY to SECURITY
Rename _REGISTRY_MACHINE_SOFTWARE to SOFTWARE
Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM
Rename _REGISTRY_MACHINE_SAM to SAM

These files are the backed up registry files from System Restore. Because you used the registry file that the Setup program created, this registry does not know that these restore points exist and are available. A new folder is created with a new GUID under System Volume Information and a restore point is created that includes a copy of the registry files that were copied during part one. Therefore, it is important not to use the most current folder, especially if the time stamp on the folder is the same as the current time.

The current system configuration is not aware of the previous restore points. You must have a previous copy of the registry from a previous restore point to make the previous restore points available again.

The registry files that were copied to the Tmp folder in the C:\Windows folder are moved to make sure that the files are available under Recovery Console. You must use these files to replace the registry files currently in the C:\Windows\System32\Config folder. By default, Recovery Console has limited folder access and cannot copy files from the System Volume folder.
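
A check worth running on the renamed files before they replace the live hives, as an added example that is not part of the original procedure: it confirms that each of the five files from step 11 is present and has an intact registry hive header. The function names are illustrative, the header offsets are those of the "regf" hive format rather than anything stated on this page, and the script assumes Python 3 is available on the machine that can read the folder.

```python
import struct
import sys
from pathlib import Path

# The five file names produced by the rename in step 11.
HIVE_NAMES = ("DEFAULT", "SECURITY", "SOFTWARE", "SYSTEM", "SAM")

BASE_BLOCK_SIZE = 4096    # size of the "regf" base block at the start of a hive
CHECKSUM_OFFSET = 0x1FC   # stored XOR-32 checksum of the first 508 bytes
BINS_SIZE_OFFSET = 0x28   # size of the hive data that follows the base block


def header_checksum(block):
    """XOR the first 127 little-endian dwords of the base block."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", block[:CHECKSUM_OFFSET]):
        value ^= dword
    # Two results are reserved by the format and remapped.
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if value == 0:
        return 1
    return value


def check_hive(path):
    """Return the problems found in one hive file; an empty list means OK."""
    path = Path(path)
    if not path.is_file():
        return ["missing"]
    with path.open("rb") as fh:
        block = fh.read(BASE_BLOCK_SIZE)
    if len(block) < BASE_BLOCK_SIZE:
        return ["shorter than one base block"]
    if block[:4] != b"regf":
        return ["bad signature"]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", block, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ")  # hive not cleanly written
    (stored,) = struct.unpack_from("<I", block, CHECKSUM_OFFSET)
    if stored != header_checksum(block):
        problems.append("header checksum mismatch")
    (bins_size,) = struct.unpack_from("<I", block, BINS_SIZE_OFFSET)
    if path.stat().st_size < BASE_BLOCK_SIZE + bins_size:
        problems.append("file truncated")
    return problems


def check_staged_hives(tmp_dir):
    """Check all five staged hives in the Tmp folder."""
    tmp = Path(tmp_dir)
    return {name: check_hive(tmp / name) for name in HIVE_NAMES}


def make_sample_hive(bins_size=4096):
    """Constructed sample: a minimal well-formed base block plus empty data."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[0:4] = b"regf"
    struct.pack_into("<II", block, 4, 7, 7)               # matching sequence numbers
    struct.pack_into("<I", block, BINS_SIZE_OFFSET, bins_size)
    struct.pack_into("<I", block, CHECKSUM_OFFSET, header_checksum(bytes(block)))
    return bytes(block) + bytes(bins_size)


if __name__ == "__main__":
    # Default is the folder used in steps 10 and 11.
    folder = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\Tmp"
    results = check_staged_hives(folder)
    for name, problems in results.items():
        print(name, "OK" if not problems else "; ".join(problems))
    sys.exit(1 if any(results.values()) else 0)
```

A file that reports a problem should not be copied over C:\Windows\System32\Config; pick the Snapshot folder of a different restore point instead.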

Note The procedure described in this section assumes that you are running your computer with the FAT32 file system. For more information about how to access the System Volume Information Folder with the NTFS file system, click the following article number to view the article in the Microsoft Knowledge Base:

Windows security

The automatic patch-based exploit generation

April 27th, 2008

The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P’, automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P’. This work presents techniques for automatic patch-based exploit generation, and shows that some techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update. In many cases one is able to automatically generate exploits within minutes or less. Although our techniques may not work in all cases, a fundamental tenet of security is to conservatively estimate the capabilities of attackers. Thus, our results indicate that automatic patch-based exploit generation should be considered practical. One important security implication of our results is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update, may allow attackers who receive the patch first to compromise the significant fraction of vulnerable hosts who have not yet received the patch. Thus, it is concluded that update schemes, such as Windows Update as currently implemented, can detract from overall security, and should be redesigned.

Attackers can simply wait for a patch to be released, use these techniques, and with reasonable chance, produce a working exploit within seconds. Coupled with a worm, all vulnerable hosts could be compromised before most are even aware a patch is available, let alone download it. Thus, Microsoft should redesign Windows Update. We propose solutions which prevent several possible schemes, some of which could be done with existing technology.

Computer-security

Choosing the best wifi connection

April 27th, 2008

Current iterations of Wi-Fi boast ranges of around 40 meters inside a building and up to 90 meters outside. Those distances, combined with the sheer number of Wi-Fi networks out there, mean that an active wireless client is often within range of tens if not hundreds of wireless networks at any given time. Some of these are secured and will be labeled as “security-enabled” on a user’s Windows menu of available wireless networks. But many available networks are not secured.

These available networks might be residential networks that their owners didn’t bother to encrypt. They might be municipal Wi-Fi mesh networks that span whole cities. They might be other hotspots from nearby businesses. And yes, they might be malicious rogues that are set up to steal private data — the aforementioned evil twin.

Usually, Wi-Fi networks are labeled with a service set identifier (SSID), and it’s important to pick the right SSID from the list of available networks when signing on to a public hotspot. This is usually a matter of common sense. Clearly, a user looking to connect to a commercial hotspot probably wants to avoid a network called “apartment3A_rulez!!!” But it’s not always so clear; a wireless network menu often yields networks that are simply named “Linksys” or “Netgear.” A network named for a hardware manufacturer is probably indicative of someone who just plugged in an access point right out of the box and didn’t bother with any further configuration. It might be an easy opportunity to score some free Wi-Fi signals. But, and this is a big but, it also could be an evil rogue access point. While it may be tempting just to pick a network and connect for free, it’s too much of a security risk.

If users are in a small business venue with free Wi-Fi access, such as an independent coffee shop or a public library, then it’s a good idea for them to ask the business manager (or librarian) for the correct SSID. If users are at a hotspot that charges a fee for Wi-Fi access, then they should be sent to an introductory Web page that asks for authentication and/or billing information. That should happen as soon as they connect to the network and open a Web browser. (Starbucks coffee shops, for example, have a partnership with T-Mobile, so Starbucks customers should automatically be taken to a T-Mobile log-in page.)

If a log-in page requires credit card information, users should make sure that that log-in page employs SSL encryption. (Generally SSL encryption is a given for any site that has “https” in the Web address.) Furthermore, they should make sure nobody is watching them type in that information. People tend to zone out when they’re online and they forget that there are people around them, some of whom might be bad people.

Wireless network security

Disabling ad-hoc networking is one way to prevent a computer

April 27th, 2008

Disabling ad-hoc networking is one way to prevent a computer from connecting to wireless networks indiscriminately. Turning the dang radio off is a sure-fire way, and users should do that whenever they’re working offline. You wouldn’t leave the engine running at a drive-in movie, would you? Here’s how to turn the radio off in Windows:

  1. Right-click on the wireless network icon in the right-hand corner of the screen. (That’s the picture of the computer with radio waves coming out of it.)
  2. Click disable.

“If you’re in transit, on an airplane, for example, and there’s no [Internet connection] anyway, then you should turn your radio off,” Durst says. “If you leave it on, it will keep on trying to talk to other machines.”

Corporate travelers also should be sure to turn their radios off before they return to the office and plug back into the corporate network. This goes for both laptops and Wi-Fi-enabled handheld devices. Anything with a Wi-Fi radio can find Wi-Fi networks that reside outside the office walls. Once they’re back in the office, those radios can form a bridge between a nearby hotspot and the corporate network, creating an inadvertent security threat.

Wireless network security

Protecting from wireless hot spots

April 27th, 2008

Available in coffee shops, hotels, airport terminals and libraries, public Wi-Fi hot spots have become almost as common as public toilets. There are more than 150,000 wireless LAN hotspots worldwide today, a number that will grow to more than 200,000 by the end of 2008, according to research firm Gartner, and not a moment too soon. The typical small business traveler heeds the call of the office even more often than the call of nature, and Wi-Fi hotspots bring convenient relief.

But there’s a downside. Public Wi-Fi hotspots have more in common with public toilets than mere convenience. Some are safer than others. And users who don’t employ them cautiously run the risk of catching a virus. (Furthermore, they risk letting intruders gain access to their company data.)

Unfortunately, it’s pretty common for public hotspots to prioritize ease of use over security. And it’s very easy to set up an unsecured wireless network. Simply plug an access point into an electrical outlet and, voila: a hotspot! The problem is that hotspot administrators often don’t bother to employ encryption protocols such as 802.11i or WPA (Wi-Fi Protected Access.)

Even if encryption protocols are employed, there are still plenty of tools that bad guys can use to eavesdrop on a user’s network session. For example, there’s the evil twin — a wireless access point that disguises itself as a public hotspot for the purpose of stealing network passwords, credit card numbers, and other private data from unsuspecting users.

Furthermore, there’s myriad malware out there. Vulnerable laptop computers run the risk of infection by viruses, worms, and spyware, all of which can sabotage a hard drive and render the computer useless. This leads to huge headaches for the road warrior. (Worse, a small business employee with a contaminated computer probably doesn’t have the option of calling a 24-hour help desk and having a new computer delivered to the hotel in the morning.)

A virtual private network creates a secure tunnel between the employee’s computer and the home office’s network. Companies of any size should implement a policy requiring the use of VPN software for any remote access to the company server. Most commercial hotspot providers support VPNs.

“We use remote access for accounting, development, and testing,” says Jim O’Riordan, VP of technical services at Summit Data Communications, a wireless technology client hardware startup in Akron, Ohio. “These are all client-server applications that very often contain confidential information that requires special safeguards. VPNs serve a dual-purpose for us. Not only do they provide authenticated access through the firewall, but they also guarantee data privacy over unencrypted wireless LANs.”

Wireless network security

Choosing a free email account

April 27th, 2008

Choosing a free email account carefully can help keep you safe from future threats. Before choosing an email account, consider the following points.

Terms of use: When opening a free mailbox, pay attention to the terms of use, particularly whether e-mail addresses can be passed on or used for advertising purposes. If this is not ruled out, expect to receive such mail.

Spam and viruses: A useful, often free service is a spam filter and a virus scanner. A spam filter recognizes, according to certain criteria, unsolicited e-mails sent in great quantities (unsolicited bulk e-mail, UBE, also called spam) and sorts them out, either by moving them to a separate folder or by deleting them.

Storage space: Also consider the storage space provided. 1 gigabyte is not uncommon; a few megabytes are only enough for a throwaway address.

Retention time: How long are e-mails stored? There are providers that delete e-mails after one month.

SSL: Does the registration take place over a secured SSL connection? SSL (Secure Sockets Layer) is an encryption protocol for data communication on the Internet. It prevents data, in this case the user name and password, from being spied on.

Availability: In the past, system migrations led to problems with free mail services. Data was not lost, but the service was at times not available. In principle, free services accept no liability. E-mail accounts for business purposes should therefore rather be opened with a paid service.

Some good email service providers are Hotmail, Yahoo and Gmail.

Email security

Remembering your password is an art

April 22nd, 2008

It is better to keep a short pencil than a long memory. This quotation is by Shakespeare. In Shakespeare’s time there were no computers, so there was no need to use passwords in applications. Now the scenario is different: one has to remember a lot of passwords, but one does not have to be a memory world champion such as Cornelia Beddies in order to be able to remember passwords. Memorizing passwords looks like an art these days.

Always use passwords that are easy for you to remember and difficult for others to hack. Examples may include your mother’s maiden name and the year of your birth; this would be a good alphanumeric combination and difficult for someone to guess. There may be other combinations too, like the first school you attended and your phone number, etc.

The password should not be so short that it is easily guessed or hacked by others, while it should not be too long either, in order to save your time and not burden your memory cells. I think keeping a moderate password length is enough to keep you safe online. One more thing to consider is using different passwords for your different sites or accounts. Suppose you are using only one password for your email account and bank account and the password has been hacked or cracked: the two accounts can be hacked at one time, and if the same password is being used in other accounts, then all of your accounts are in the hands of hackers. So it is important for you to make a few passwords and memorise them for use in your different accounts. These passwords can be altered and used interchangeably in different accounts in future.

Passwords

Researcher creates £10 Bluetooth crack tool

April 20th, 2008

A security researcher has demonstrated that it’s possible to put together a Bluetooth sniffer out of an inexpensive wireless dongle, raising fresh questions about the security of the wireless technology.

Security researchers have demonstrated a number of methods for cracking Bluetooth devices, which increasingly include laptops and other computers, but such efforts often rely on sniffer hardware that can cost thousands of pounds.

Max Moser, who works as a security tester for Dreamlab Technologies and founded the remote-exploit.org website, said he was surprised to find that nearly all the work carried out by expensive hardware sniffers is implemented in software, not hardware.

That meant he was able to use commercial sniffer software with a modified Bluetooth dongle running on a CSR chipset. Such dongles can sell for around £10 (US$18) or £20.

Computer security Research

Doubts over Vista security claims

April 19th, 2008

One animated cursor bug, many animated critics.
Microsoft’s failure to spot the animated cursor bug in Windows Vista could be a disconcerting sign that Vista’s security-oriented development process slipped up, researchers have suggested.

“Apparently Microsoft still hasn’t learned that counting vendor acknowledged vulnerabilities isn’t a good way to establish the security of an OS. As an analysis of Microsoft’s claims on Full Disclosure shows, we see that the methodology used was badly flawed. A bug in Firefox (not to mention emacs), counts as a flaw for Linux, while IE bugs get ignored on Vista’s chart. Then we see that vulnerabilities aren’t vulnerabilities when they’re security-challenged features such as Vista’s Teredo. Also, there’s far too little consideration given to severity, given that it stoops to counting even extra access restrictions on a file in OSX to have something to show. In short, the original Microsoft analysis was good PR and poor research.”

“A version of Vista that removes security-related functionality has the potential to be an even greater turkey,” it said. “Security is a major concern for the European market and needs to be addressed on multiple different fronts. If the EU is going to ask Microsoft to remove security-related functionality then it needs to be very precise in its request and very clear why it is making the request. It has the potential to cause a major market disruption, with no benefit for the end-consumer whatsoever.”

Windows security

Time to patch flash

April 15th, 2008

Adobe is working on an update to its Flash Player software that will address a widespread vulnerability found on hundreds of thousands of Web sites using Flash.

The issue, first reported in December by Google researcher Rich Cannings, allows attackers to use buggy Shockwave Flash (.swf) files in order to attack Web surfers. Using what is known as a cross-site scripting attack, criminals could create fake phishing pages or, much worse, gain access to online banking sessions or Web accounts of victims in some situations.

After Cannings went public with his findings, Adobe and other software vendors fixed their development tools so they would no longer create the vulnerable Flash files, but there are still more than 500,000 of these files posted on different sites on the Internet, according to Cannings.

Because of the amount of work it would take to clean up the mess, Cannings had been encouraging Adobe to make changes to its Player software that would nullify these cross-site scripting attacks.

This fix is being developed and will be available “soon,” said Adobe spokesman Matt Rozen in an e-mail message.

Security experts say that Adobe’s chief problem now is to work out a way of fixing this bug without making it hard for users to view older Flash files.

In an interview on Friday, Cannings said that some of Adobe’s early approaches to this problem had “broken” existing Flash files in the player, but that a satisfactory fix was technically possible. If Adobe could convince browser-makers to make some changes as well, it might simplify things, he added.

Internet security

No virus protection system is foolproof

April 9th, 2008

When speaking about computer virus protection, anti-virus software and firewalls, it is important to stress that no virus protection system is foolproof. High-security computer systems have often been penetrated by hackers and computer criminals simply by programming a virus. Documents were deleted, accounts and identities were stolen, and confidential documents were accessed by these hackers. This is not to say that anti-virus software is useless, but to underline that these programs work and perform better with the support of their users.

Computer viruses are programs that reproduce themselves and attach to documents and disks. They are spread and transferred whenever documents, disks or programs are exchanged. E-mail attachments from people you know, like your friends, professors, colleagues or even your boss, can carry a virus. The senders may not even notice that they are sending you a virus. Computer virus protection, anti-virus software and firewalls are developed to help you detect viruses, identify the infected part of your system and the process by which the virus can be contained. But, as stressed before, they need your support.

New programs are developed regularly, and alongside these, new technologies also become common. With the improvements in technology, it is naive and incorrect to assume that viruses remain as they are. They constantly change and become more refined and harder to detect. The most advanced viruses are not detected until they have brought entire systems down. Therefore the first trick of virus protection is to subscribe to high-quality anti-virus software. Free software can detect and quarantine simple worms and viruses, but it would be hard pressed to detect the more highly developed kinds. A subscription requires minimal fees compared with the degree of protection your computer receives.

This is particularly advisable for companies and large businesses, in which several computers are attached to a network. Computers for home use, and ones that are not used for the storage of sensitive data, can do just fine with free downloadable software. A subscription automatically updates your computer virus protection, anti-virus software and firewall security whenever possible. This is an advantage, because you can keep up with the fast-moving world of new viruses. The more up to date your software is, the more efficient it is at catching viruses. Free software must be updated or regularly replaced with new versions. It is best to update your software whenever your software’s site alerts you to newer versions.

Besides these tips, making a habit of running a virus scan on documents, disks, software disks, programs and other applications before opening or downloading them must become second nature to you. Keep backup copies of the data and documents on your computer in case a virus causes them to be deleted. Regularly reloading and “cleaning up” your system also lowers susceptibility to viruses. Computer virus protection and anti-virus software optimize their performance with your assistance.

Antivirus

Security gaps in Windows Vista

April 8th, 2008

The network stack in Windows Vista was programmed anew from the ground up. “By deciding on this, Microsoft removed a large body of proven code and replaced it,” writes Symantec. The security specialists say they have found some security gaps in Windows Vista’s networking software; you can see the relevant report here: http://www.symantec.com/. “Contrary to the claims of the Microsoft developers, the Windows Vista network stack as it stands today is not quite as stable as the older Windows XP stack,” reads one of the comments.

In fact, after many years in which Microsoft had to be reproached for innumerable security problems, the company could now be in a situation in which it cannot win at all. “You are criticized if you modify the old code, and you are criticized if you write new code,” sums up Russ Cooper, senior information security analyst with Cybertrust Inc. The main point of criticism was always that the Redmond company’s code is bloated with all kinds of junk. And now it is said that “it is too new, it is untested,” Cooper continues.

That Symantec was able to find some weak points in a beta release should, however, not surprise anyone, says Cooper. “There is a reason that products go into a beta phase, and surely not because people want to see the default colors change.”

Windows security