Why changing the password on your router is a must thing to do.

Why changing the password on your router is a must thing to do.
First lets look at how a router works. A router is a piece of equipment which takes packets (packages of data), and sends them to where they are trying to go. A simple analogy would be a traffic policeman at a busy intersection. Cars want to go through the intersection, but without the policeman, there could be accidents. So the policeman takes control of the intersection, controls when and where the cars can go, and makes sure that no accidents happen. The policeman would be our router, each road which meets at the intersection would be one of the networks connected to the router, and the cars are the packets. Now lets take this analogy a bit further. The policeman spots someone he suspects of being a criminal, a bank robbber for example. Fortunately, the policeman is in control of the road leading to the bank! So the policeman then stops the bank robber's car from using the road to the bank, and saves the bank from robbery. In computer science terms, this is known as a firewall, and stops hackers from entering some networks. But what if the bank robber's knew of a different road to take and knew the security code to the bank? They could park out back of the bank, disarm the alarm and walk wright in. The same is true for routers. All some one needs is your IP address and the default password to the router on your network. Your router has two IP addresses. the one that the internet can see is the one that your internet provider gave you. The router then assigns an IP to each machine on the network. this IP can not be seen from the internet. So how dose bad guys or girls get this info? This info is easy to find, a pice of spyware could pick it up or just look at the header of an email that you sent or received. A bad guy only needs to type the IP address provided by your internet service in the address bar and a box will appear. most of the time it will tell you what router you are connecting to. With that info all you need is the default password and user name and BINGO your in.
The intruder can now set your router up any way he or she want's. This also means that they could gain access to your computer/s.
By the way, a list of default names and passwords can be found at http://www.phenoelit.de/dpl/dpl.html. I am telling you about the list for research only.
So change your password on your router and you will not only keep intruders out, you will have a grate firewall as well.

Xbox 360 is overheating.

All hardware launches are afflicted by a small percentage of problems; and it seems Xbox 360 is no exception. The forums today include some irate Xbox 360 owners who are experiencing overheating problems, likely to do with the hard drive. One owner claimed Microsoft had stated it had "received numerous calls".

Here's what they had to say. We're awaiting a response from Microsoft.

TomStrong at GA-Forum wrote

"I play Kameo (interesting game) for about 30 minutes and the 360 crashes!!! Ugh.... Power adaptor goes from solid green to a flashing orange.... What next? Well, shoot off an email to MS, get one back not too long ago, find out that the flashing orange means that Xbox has overheated!

Zeebo at Xbox Scene wrote

"I just received my Xbox 360 today. It was freezing cold so I let it sit for about an hour. Plugged everything in got it up and started playing COD 2. I completed training and while it was loading it just went to a black screen. I waited for awhile and nothing happened so I turned it off, let it sit and turned it back on. I turned it back on to 3 red flashing lights. The top left and the two bottom.

"I found out that it's the hard drive. They said they have received numerous calls already. I unplugged my hard drive and it worked fine. Put it back on my box and red lights again."

Reaver at TeamXbox wrote

"It worked when I set all my settings up. But I put in PGR3, it freezes when I get to the menu, did it 3 times. I put in PDZ, it freezes in the menu."


Yannira also at TeamXbox wrote

"All five of the games I bought freeze up after a few minutes, I am assuming because of the 360 heating up. It gets unusually hot, the game discs as well are red hot.

Crash reports hit Xbox 360

Microsoft on Wednesday said some Xbox 360 owners are reporting problems with the new video game console that debuted in North America earlier this week.

"We have received a few isolated reports of consoles not working as expected," Microsoft spokeswoman Molly O'Donnell told Reuters in a telephone interview.

Enthusiast Web sites such as Engadget.com and Xbox-scene.com, as well as Microsoft's own Xbox Web forum, carried postings on Wednesday from Xbox 360 owners reporting that some systems had crashed during regular play as well as during online game play using the Xbox Live service.

Problems included screens going black and the appearance of a variety of error messages.

"So, the Xbox 360's been available for, what, 15 minutes, and already the crash reports are streaming in," a poster on Engadget said. The sites did not say how widespread the problem was.

The machine is the first of a new generation of consoles offering high-definition graphics and has been snatched up by game enthusiasts since its launch on Tuesday.

O'Donnell, who declined to say how many reports the company had received, said calls represent a "very, very small fraction" of units sold. The number of calls was not unexpected, she said.

"With any launch of this magnitude, you're bound to see something happening," she said.

O'Donnell said the best way to resolve the issues is to call 1-800-4MY-XBOX for trouble shooting. If that does not solve the problem, she said, Microsoft will repair or replace the unit.

Installing a CD recorder or DVD player/recorder

I found this at http://www.helpwithpcs.com
This guide will take you through the process of installing a CD recorder or DVD player/recorder into your PC, step by step with the aid of photos. Please Click Here to go to the full article.

Microsoft Internet Explorer exploit

Websense® Security Labs(TM) has had several reports of a new unpatched vulnerability within Microsoft Internet Explorer. The new vulnerability affects users of Internet Explorer versions 5.x, 6.x , and even SP2 users. The flaw exploits a vulnerability within the methods used by Internet Explorer to handle requests to the window object. Although we have not seen any sites using this vulnerability in the wild, we have modified our honey clients to start scanning for exploits, and will keep customers abreast of the latest results.

Upon classifying sites using this exploit, Websense Security Labs will issue real-time security alerts to customers to prevent them from accessing infected sites.

There is proof-of-concept (POC) code on the Internet and often malicious code authors simply modify the POC for their own purposes.

There is currently no patch available. Details are available from the Microsoft Website:

http://www.microsoft.com/technet/security/advisory/911302.mspx

For additional details and information on how to detect and prevent this type of attack:
This is a good reason to use Firefox, Netscape or Mozilla
You can fine links to these on this site

A list of Sony rootkit CD's

Sony has released a list of the CD's that contain the rootkit.
Click Here to view the list

Sony's Official Apology

November 18, 2005 Letter To Our Valued Custome

SONY BMG COMMENCES COMPACT DISC EXCHANGE PROGRAM FOR XCP CONTENT PROTECTED CDS

-- Provides Overview of Actions to Date on XCP Software --

New York, NY - November 18, 2005 - SONY BMG Music Entertainment today announced the commencement of a mail-in program through which consumers can exchange compact discs (CDs) containing XCP content protection software for a replacement version of the same CD without the XCP software, in addition to receiving MP3 files of that CD.

XCP content protection software is included on 52 SONY BMG titles. Further information about the exchange program, including an FAQ for consumers about XCP technology and a list of titles may be found at the website dedicated to providing consumers with information on this subject, http://cp.sonybmg.com/xcp.

Consumers can also download a software update from SONY BMG's website at http://cp.sonybmg.com/xcp. This update addresses the security vulnerabilities associated with XCP software.

In addition to consulting the list of titles at the website, consumers can identify titles with XCP content protection by checking the back of the CD packaging. If there is a black and white table with the words "Compatible With", and if the URL in that table ends with the letters "XCP" (http://cp.sonybmg.com/xcp), that indicates the disc contains the XCP software.

Information on the CD Exchange Program
Consumers who wish to exchange their XCP content protected CDs or also receive MP3 files of the titles in addition to their replacement CDs should visit http://cp.sonybmg.com/xcp for a list of titles and versions, specific instructions and shipping information. There will be no charge to consumers for shipping in either direction.

In addition to providing replacement CDs by mail, SONY BMG is making available MP3 files to consumers who are exchanging their XCP content protected CDs. Consumers who choose to receive MP3 files will receive an e-mail with a link to the MP3 downloads upon SONY BMG's receipt and verification of their XCP CDs.

SONY BMG's Actions to Date Regarding XCP Software
SONY BMG has taken the following actions with respect to XCP software:

1. SONY BMG has ceased manufacturing compact discs with XCP software.

2. SONY BMG is working with its retail partners to withdraw compact discs with XCP software from distribution and retail chains. It has asked retailers to cease sale of those discs and to return them to SONY BMG. This withdrawal program has been and is being widely communicated.

3. SONY BMG is moving as quickly as the manufacturing process will allow to replace all compact discs with XCP that are present in the chain of distribution with non-copy protected discs.

4. As announced today, SONY BMG has commenced an exchange program whereby any consumer who has purchased an XCP-protected compact disc will be able to receive a replacement, non-copy protected disc and MP3 files of the titles.

5. Consumers can download a software update from the SONY BMG's website at http://cp.sonybmg.com/xcp/english/updates.html. The effect of this update is to "uncloak" the XCP components on the user's hard drive, thereby allowing anti-virus software to detect it and block any viruses from exploiting it.

6. SONY BMG is will soon make available a revised and secure procedure for consumers to uninstall the XCP software from their computers. The removal of XCP (and the downloading of the software update) does not affect the consumer's ability to play and use any music from an XCP-protected compact disc already transferred from the disc to the computer.

7. In addition, Microsoft and the major anti-virus companies have been made aware of the security issues that have been raised. The anti-virus companies have issued updates to their customers to address potential vulnerabilities arising from the installation of XCP software.

SONY BMG's Commitment to User Privacy and Software Security
SONY BMG is committed to testing, verifying and disclosing to consumers, its use of any copy protection technology.

SONY BMG is reviewing all aspects of its content protection initiatives to be sure that they are secure and user-friendly for consumers. As the company develops new initiatives, it will continue to seek new ways to meet consumers' demands for flexibility in how they listen to music, while protecting intellectual property rights.

Background Regarding XCP Software
Security concerns have been raised regarding the use of CDs containing XCP software in computers. These issues have no effect on the use of these discs in conventional, non-computer-based CD and/or DVD players. This content protection technology was provided by a third-party vendor, First4Internet, and was designed to prevent unlimited copying and unauthorized redistribution of the music on the disc.

SONY BMG MUSIC ENTERTAINMENT is a global recorded music joint venture with a roster of current artists that includes a broad array of both local artists and international superstars, as well as a vast catalog that comprises some of the most important recordings in history. SONY BMG is 50% owned by Bertelsmann A.G. and 50% owned by SONY Corporation of America.

Sony BMG rootkit lawsuit

A lawsuit has been filed against Sony BMG over the recent discovery that Sony includes a rootkit on its music CDs.

The class action lawsuit filed against Sony BMG in California was filed by attorney Alan Himmelfarb on behalf of Californians who have purchased any Sony BMG CDs with the secret rootkit style software.

Sony BMG rootkit lawsuit First 4 Internet Alan Himmelfarb

The software, provided to Sony by British company First 4 Internet, cloaks itself so that it is invisible to the average user once installed on their computer, and, it is alleged, opens up a back door so that others can take advantage of the cloaking technology to put malicious software on the user's system. The Sony rootkit also is claimed to report back to Sony on the user's use of the Sony product.

In addition to the lawsuit filed by Mr. Himmelfarb in Los Angeles, New York attorney Scott Kamber is looking into filing a similar lawsuit in New York, and the Electronic Frontier Foundation is also looking into filing a lawsuit.

According to a statement by the Electronic Frontier Foundation ("EFF"), “We’re considering whether the effect on the public, or on EFF members, is sufficiently serious to merit a lawsuit.”

In the meantime, several anti-virus vendors have pledged to release software to remove the Sony rootkit, and the EFF has released a partial list of the CDs affected. They include Neil Diamond, Celine Dion, and Van Zant CDs.

Sony DRM uninstaller open to malicious websites using them as an attack vector

Websense® Security LabsT has received reports of websites that are using the Sony DRM uninstaller as a means to perform malicious actions on end user machines.

Security researchers discovered that the recently released Sony DRM uninstaller included a COM object that it dropped on the machine in order to uninstall the highly publicized rootkit that gets installed as part of some Sony Music DRM software. The COM objects are not removed after installation and leave the machine open to malicious websites using them as an attack vector.

Websense Security Labs added detection mechanisms to its data classification and internet mining techniques soon after discovery of the possible vulnerability was reported. Although we have not seen many sites to date, the potential for sites using this to exploit end users is high.

The included site example infects users when they visit the website. Any user who has downloaded and run the Sony uninstaller program is susceptible to this attack. In the example below, users' machine are restarted upon accessing the site. However, there is the potential for more nefarious actions to have been done.

The site is hosted in the United States.

Website Screenshot available within full alert.


For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=340

Sony's digital media malware, 'root kit'

I found this on http://www.theregister.co.uk
By Andrew Orlowski in San Francisco

Published Tuesday 1st November 2005 10:25 GMT

Get breaking Security news straight to your desktop - click here to find out how

Sysinternals' Mark Russinovich has performed an analysis of the copy restriction measures deployed by Sony Music on its latest CDs: which he bluntly calls a 'root kit'. Using conventional tools to remove Sony's digital media malware will leave ordinary users with Windows systems unable to play CDs.

While the Sony CDs play fine on Red Book audio devices such as standard consumer electronics CD players, when they're played on a Windows PC the software forces playback through a bundled media player, and restricts how many digital copies can be made from Windows. A 'root kit' generally refers to the nefarious malware used by hackers to gain control of a system. A root kit has several characteristics: it finds its way onto systems uninvited; endeavors to remain undetected; and then may either intercept system library routines and reroute them to its own routines, or replace system executables with its own, or both - all with the intention of gaining system level ownership of the computer.

What makes Sony's CD digital media software particularly nasty is that using expert tools for removing the parasite risks leaving you with a Windows PC that's useless, and that requires a full reformat and reinstall.

So is Sony bundling a root kit, or is it the latest in a long line of clumsy, and sometimes laughably inept attempts to thwart the playback of digital media on PCs?

We were inclined to the latter - but in practical terms, for ordinary users, the consequences are so serious that semantic distinctions are secondary.

In actuality both, reckons Russinovich. It's a 'root kit' that arrived uninvited, but it's also "underhanded and sloppy software" , that once removed, prevented Windows from playing his CD again (Van Zant's 'Get With The Man') he notes in his analysis.

The Sony CD creates a hidden directory and installs several of its own device drivers, and then reroutes Windows systems calls to its own routines. It intercepts kernel-level APIs, but then attempts to disguise its presence, using a crude cloaking technique.

Disingenuously, the copy restriction binaries were labelled "Essential System Tools".

But the most disturbing part of the tale came when Russinovich ran his standard rootkit-removal tool on the post-Sony PC.

"Users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files," he writes.

Which puts it in an entirely different class of software to the copy restriction measures we've seen so far, which can be disabled by a Post-It note. Until specialist tools arrive to disinfect PCs of this particular measure.

Fraudulent Microsoft Windows update site

Websense® Security Labs(TM) has received reports of a email scam disguised as a Microsoft Security Update for Explorer.exe. Users receive a spoofed email message instructing them to click on a link to immediately download and install a bugfix from Microsoft.

The link in the email takes the user to a fraudulent website, designed to appear as the legitimate Microsoft Windows update site. The security update hosted on this page is actually a backdoor Trojan horse. Upon execution, the backdoor sends an HTTP request with the IP address of the infected computer and then waits for a connection from the malware author.

The site hosting the malicious file is in the United States, the site where the IP address is reported is hosted in Germany. Both were online at the time of this alert.

Screenshot available within full alert details.

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=336

Google's search engine You WON $400.00

Websense® Security Labs(TM) has received reports of a new phishing attack that targets users of Google's search engine. Users are redirected to a spoofed copy of Google's front page with a large message claiming "You WON $400.00 !!!". Users are presented with instructions for collecting their prize money. These instructions direct users to enter their credit card number and shipping address. Once the information has been collected, users are directed to Google's legitimate website.

This phishing site is hosted in the United States and was up at the time of this alert.




For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=332

Unofficial version of Windows XP SP3 can harm your system

A Microsoft Corp. employee has warned against downloading an unauthorized version of Windows XP Service Pack 3 (SP3) that has surfaced on a popular Web site that provides software patches.

On a Microsoft user newsgroup posting last week, Mike Brannigan, an enterprise strategy and senior consultant at Microsoft, told users that downloading an unofficial version of Windows XP SP3 provided on The Hotfix.net would likely harm their computer and put them "out of support from Microsoft or an OEM (original equipment manufacturer)" because it is not an official Microsoft package.

"You would be well advised to stay clear of this fake SP3 package," Brannigan wrote in the post, which appeared on Google Groups at

http://groups.google.com/group/microsoft.public.windowsxp.general/msg/
b3e9f19f5d306677?dmode=source. "
It is not suitable for testing as it is NOT SP3. ...Anyone who installs this thinking they are getting SP3 (even as a preview) is being grossly mislead and is posing a significant potentially non-recoverable risk to their PC and data."

However, Ethan Allen, the creator and administrator of The Hotfix, asserts that though the version of Windows XP SP3 provided on his site is not necessarily the official version, it is a reasonable preview of what will appear when the official service pack is released.

Microsoft has said that Windows XP SP3 will be available after the release of Windows Vista, which is expected toward the end of 2006.

"Our pack is indeed a preview to what the official service pack will be, as these hotfixes will be in Service Pack 3 as proven by Microsoft's own knowledge base," according to a post by Allen on TheHotfix.net. "Each of these hotfixes can be obtained for free from Microsoft by calling their support lines."

Allen also wrote that while there is a possibility the SP3 on his site will make a user's machine less stable, it is not the fault of The Hotfix, because the software came from Microsoft, not the site itself.

Allen put together the preview of SP3 from software updates he received from an internal Microsoft source. In an interview Wednesday, Allen said that Microsoft has not contacted him directly about the hotfixes he has posted, but his Microsoft source told him the company was conducting an internal investigation to find out who was leaking the hotfixes to his site.

Though published reports claimed several weeks ago that there would be a third service pack for Windows XP, Microsoft shrugged off its existence until last Thursday, when the company abruptly acknowledged that SP3 would be available after Windows Vista ships next year.

Are cookies bad

Are cookies good? Are cookies bad? What are cookies?

A cookie is a very small text file placed on your hard drive by a Web Page server. It is essentially your identification card, and cannot be executed as code or deliver viruses. Dose this mean that they can't be used for evil? The short answer is yes they can. I found a article that can answer this question in grate detail at http://grc.com/cookies.htm.
grc.com is a web site ran by Steve Gibson. His site shows you how to protect your self against the evil lurking on the web.