How to stop the 'Chuck Norris' botnet roundhouse-kicking your router

Friendly Computers would like to share with you this article.

I’m receiving a lot of emails about the ‘Chuck Norris‘ botnet that’s spreading by taking advantage of poorly configured routers and DSL modems. Here’s some information about the attack and how to protect your router from getting a Norris-style kicking.

First, while there’s been a fair bit of Chuck Norris botnet coverage in the tech media, it’s not clear how widespread it actually is. Feedback I’ve been getting from the security community suggests that, as of the time of writing, this botnet isn’t very widespread. What this means is that there’s no reason to panic!

Another point I want to make is to highlight that this is a botnet attack on routers. ‘Chuck Norris’ infects MIPS-based devices (routers, DSL modems) that run Linux by guessing the administrator username and password (which most people conveniently leave on default - defaults well known to hackers). The botnet also appears to use an exploit present on D-Link systems.

Note: In case you’re wondering, it’s called because of the following line in the source code ‘in nome di Chuck Norris,’ which is Italian for ‘in the name of Chuck Norris.’

Once ‘Chuck Norris’ has a foothold into the router, it changes the DNS (Domain Name System) settings in the router and directs victims to malicious websites where malware is pushed onto the user. Malware is also installed into the router’s memory which scans the network for other vulnerable devices.

So, how can you protect yourself from ‘Chuck Norris’?

• Change all router default passwords and make sure you use a strong password.
• Update all router firmware.
• Block off or shut off remote access features.
• Get on with your life.

Note: You might need to consult your router’s manual to find out how to do all this.

If you think that your router is compromised, here’s what to do:

• Restart it (which flushes the malicious code from memory).
• Check for firmware updates.
• Reset all the settings and input them again, making sure to choose strong administration passwords.
• Scan all attached systems for malware using an up-to-date antivirus scanner (free scanner link).
• Get on with your life.

Source: http://blogs.zdnet.com/hardware/?p=7476&tag=wrapper;col1

Five Best Start Pages

What start page do you have for your web-browser? Friendly Computers would like to share with you this article.

Your start page is the first thing you see when you open your browser or load a new tab—your gateway to the rest of the web. Get the most from your start page with one of these five favorites.

Whether the start page you're using is your browser's default or you've carefully selected it, checking out these five contenders for best start page will give you a chance to decide if your current start page serves your needs or if it could use an upgrade.

First, a note on our methodology. Several popular entries in this week's Hive Five are essentially clones of each other (just for different browsers), so we opted to combine the most popular just-like-the-other options into single entries in order to give you a more diverse Hive Five. You'll notice, for example, the entry on Speed Dial-like start pages includes the Chrome start page, Opera Speed Dial, and Speed Dial for Firefox all in one entry instead of spreading them out so we could squeeze more options into the final result.

Photo by Kairos Photo.

about:blank (Free, Browser-Independent)

In modern web browsers, typing about:XXX provides various information depending on what the XXX part is. (For more on the various about: variables, gloss over this Wikipedia article.) about:blank is the universal code for "display a blank HTML document", and many Lifehacker readers prefer this as their start page—or anti-start page in a way!—because it fires up each session and new tab with a clean slate that doesn't use any unnecessary resources or bandwidth. It's fast and distraction-free.

Fav4.org (Free, Web-Based)

Fav4 is probably the most elegant of the start pages featured here—not counting the extreme-minimalist approach of about:blank. The arrangement is simple: You visit Fav4 and click on the customize gear in the lower right hand corner. From the customization menu, you can select your four favorite sites from the roster of provided sites or suggest a new site if they don't have one of your favorites. Drag and drop the four sites of your choice onto the customization side bar, and the sites will be displayed—as seen in the screenshot above—as four large icons in your browser window. You don't need to sign up to use the service—it saves your settings on a per-browser basis using cookies instead of requiring a login. Given how much of the average user's web traffic is directed at a small selection of sites, having only four sites in the bar isn't as restrictive as it would first seem.

iGoogle/Google (Free, Web-Based)

Google made two appearances in this week's Hive Five on two distinct ends of the start page spectrum. For many, Google.com is their go-to search engine of choice, so it was natural to make the basic Google search portal their start page. Others love Google as a search tool but want more out of their start page, so they use iGoogle (see the screenshot above). iGoogle is Google's widget-based start page. Not only can you embed widgets for nearly every Google service—including Gtalk, Gmail, Google Calendar, and Google Reader—you can add in additional widgets from the extensiveiGoogle widget directory.

Chrome New Tab/Opera Speed Dial/Speed Dial for Firefox (Free, Browser-Dependent)

Thumbnail-based "speed dial" start pages have grown in popularity since Opera introduced Speed Dial two years ago. You can enable or install Speed Dial-style start pages in most popular browsers in a variety of ways. Opera set the stage for thumbnail-based start pages with the original Speed Dial, which allows you to specify up to 25 thumbnailed sites on your Speed Dial page for quick access. Google Chrome has its New Tab Page, which displays your most frequently accessed web pages as well as recently closed tabs (seen in the screenshot above). Finally, Speed Dial for Firefox is a Firefox extension which brings Opera-style Speed Dial to Firefox. It's not as polished in appearance as the actual offering from Opera or self-updating as the New Tab Page in Chrome, but it gets the job done. (You can actually find all kinds of Speed-Dial style extensions for Firefox, but this version is the one that garnered the most votes.)

Custom (Free, Browser-Independent)

While some people are content with the emptiness of about:blank and others are content with the structure imposed upon them by using pre-designed start pages, a smaller but vocal minority of readers opted to build their own start pages from the ground up. Why be restricted to the form and function of a start page designed by someone else when you can build your own start page to fit your needs and tinker with it to make it as simple or complex as you need it? The start pages readers create vary as much as their HTML chops allow, but for a surprising amount of readers, the best start page is the one you design yourself and load as a local HTML document or save on your web server for personal use from anywhere you do your browsing.

Source: http://lifehacker.com/5476420/five-best-start-pages

How To Use Parental Controls in Windows 7

Friendly Computers know that you want protect your child from wrong content software or website. We would like to share with you this useful article.

The Parental Controls feature is a valuable tool for controlling the amount of time your children spend on the computer and the programs they’re using. Today we take a look at how to setup and use Parental Controls in Windows 7.

Parental Controls

To access Parental Controls open the Start Menu and type parental controls into the Search box and hit Enter.Alternatively you can open Control Panel and click on Parental Controls.When you open Parental Controls, click on the child’s account you want to set up.Make sure to password protect your Administrator account…otherwise anyone can turn off Parental Controls and use the computer with no restrictions.If you see a password hasn’t been set when you go into Parental Controls, click on the message and you’ll be prompted and Ensure Administrator Passwords.Under Parental Controls mark the radio button next to On, enforce current settings. Then you can go through and control their computer time, games, and programs.

Set Time Limits

Click on Time limits to control when your child has access to the computer. If you want to only allow a few hours each day, it’s easiest to left-click and drag the mouse across all of the time slots to block them. Then allow the time blocks when you want to make the computer available.

Control Games

Click on Games to control the type of access your child has to games on the computer. You can completely block all games or select games by ratings and game names. These game ratings are based on the Entertainment Software Rating Board.You can also select different game rating systems if it’s more appropriate for your location or if you like a certain system better than another.You can also block games based on the type of content it contains…and it gives you a lot of choices.

Control Programs

If you want to restrict certain programs on the machine, click on Allow and block specified programs then scroll through the list of installed programs and block them.

Additional Controls

Windows 7 doesn’t have a Web Filter included like Vista did. If you want additional controls like Web Filtering and activity reports, you’ll need to install Windows Live Family Safety which is part of the Window Live Essentials suite. With it you can block access to certain sites and also get access to an activity report that shows you what sites your children have been visiting. Everything can be controlled online which makes it nice if you want to access a report or change settings while at work.

The Parental Controls feature is easy to use and helps you administer how your children use the computer. Of course nothing is perfect or foolproof and the Parental Controls won’t replace good old fashioned “real parenting” but it makes it easier.

Download Windows Live Family Safety

Source: http://www.howtogeek.com/howto/10524/how-to-use-parental-controls-in-windows-7/

PC Maintenance: What Tasks When?

Friendly Computers would like to share with you this article.

Daily: Backup your data. You don't want to lose yesterday's work anymore than you want to lose last week's, so your documents, pictures, and application data should be backed up daily. For details, see 7 Backup Strategies for Your Data, Multimedia, and System Files, and consider one of the first three strategies.

Weekly: Scan for malware. Your real-time antivirus program isn't perfect; something evil could slip by it. So to be on the safe side, get a second opinion every week by scanning with another security program.

For that second opinion, you need something reliable, you want something free, and you don't need anything with real-time protection. So I recommend either SUPERAntiSpyware or Malwarebytes' Anti-Malware. I use both, running one the first week and the other the second.

Monthly: Defrag your hard drive. Over time, your files become fragmented--with any single file split over multiple physical parts of the drive. Fragmentation can slow your PC and render lost files less retrievable.

Windows comes with a perfectly fine defragger. In Windows Explorer, right-click the C: drive and selectProperties. Click the Tools tab, then the Defragment Now button.

XP users will get a button to start the defrag. Vista and Windows 7 give you that plus an option to configure scheduled defragging.

Monthly: Scan your hard drive for errors.You're not looking for viruses or worms here, but physical and logical problems with the disk that could render parts of it unreadable.

It's handy to do this chore at the same time you defrag, because both chores start on the C: drive Properties' Tools tab.

To Scan the drive, click Check Now. Check both options, then click Start. An error message will tell you that Windows can't check the disk while it's in use. ClickSchedule disk check (Vista or Win7) or Yes (XP). Then, the next time you plan to leave your computer for a few hours (for instance, to sleep), reboot. Windows will take a considerable amount of time (ballpark guestimate: one hour for each 100GB of drive space) before it's ready for regular use.

Twice a Year: Backup your hard drive as an image.

While not as important as a recent backup of your data (see Daily), an image backup of your entire drive can be a life-saver should your hard drive crash or Windows become hopelessly corrupt. A good image backup means never having to reinstall Windows from scratch.

 

 

Source: http://www.pcworld.com/article/188123/pc_maintenance_what_tasks_when.html

Fake Microsoft Outlook Update Installs Trojan

Friendly Computers found this article very important for Microsoft Outlook users.

A malicious spam campaign caught by Panda Labs is using a fake Microsoft Update notice to trick victims into installing a Trojan. While well crafted, the attack still provides dead giveaways.

The e-mail, which Panda posts with a screen shot, is spoofed to look as if it comes from Microsoft Support. With a realistic-looking subject and e-mail body that attempts to piggy-back on the constant (and correct) advice to keep your computer up-to-date with patches, it's a great example of a social engineering attack.

But despite the lack of any obvious typos or grammatical errors, the e-mail does contain some clear clues. First, neither Microsoft nor any other company I know of sends patches or updates as e-mail attachments. But unless you happen to follow the breathless excitement of Patch Tuesdays, you might not pick up on that clue.

Which leaves the second giveaway: There's an attachment. Any file riding along with an e-mail should automatically draw your suspicious eye. Even if your antivirus app allows an attachment through, it's still a great idea to upload the file to Virustotal.com for a quick additional scan from about 40 other antivirus engines. Unless the attachment is a small-scale targeted attack, there's very good odds that at least some of the engines at the site will ID the threat.

In this case, Panda says unzipping and running the attached .exe would install the Bredolab.Y Trojan. And as an extra added bonus, it will also download a rogue antivirus program called SecurityTool.

Source: http://www.pcworld.com/article/188456/fake_microsoft_outlook_update_installs_trojan.html

Fact and Fiction: The Truth About Browser Cookies

Friendly Computer would like to share with you this article.

Browser cookies are one of those technical bits of web browsing that almost everyone has some awareness of. They're also probably one of the most misunderstood aspects of browsing. Today we're here to clear up the confusion.

When it comes to browser cookies, most users have a lot of misconceptions about what they do. Here's a closer look at exactly what a browser cookie is, what it isn't, and what it's really used for.

What Are Cookies Anyway?

Cookies are nothing more than tiny bits of text stored on your PC by your web browser, containing information set by web sites such as your session token, user preferences, or anything else that the web site needs to keep track of you from one request to the next. Once the web site has asked your browser to set the cookie, the next time your browser opens a new request to the server—clicking a link to a page, adding an item to your cart, or even loading an image—your browser will send that cookie back to the web site that set the cookie.

The reason cookies exist are because the underlying HTTP protocol is stateless—each request from your browser is completely separate from the next one, so the server needs a way to keep track of what request belongs to what visitor. By storing a small bit of information in a cookie, the web site can determine that your page view belongs to your user account.

There are two "categories" of cookies: either first-party or third-party cookies. (Although there's actually no technical difference between the two.) First-party cookies are those cookies that belong to sites you actually visited in your browser, while third-party cookies, also known as tracking cookies, are generated from a Javascript include on the page—generally from third-party advertising web sites.

Myth: Cookies Spy On You and Track Everything You Are Doing

As we've already learned, the contents of cookies are set by the web site that you visited, so unless you've given your information to a web site, there's no way that cookies are going to contain personal information unless you've given that information to the site already.

Most cookies are as simple as a session token, but sometimes they contain your login credentials, usually encrypted or hashed in some format—but since cookies are only sent back to the same site that originated them, even if cookies contained personal information, it is not going to be shared with every site you visit.

Myth: Cookies Are Viruses or Spyware and Create Spam and Popups

Cookies are nothing more than text files and could not be executed even if you track down the hidden folder they are usually located in, but a surprising amount of people believe that cookies contain viruses or spyware. The reason for this, other than misconceptions fueled by clueless TV writers, is probably because most anti-spyware applications catch tracking cookies when you do a scan. Why? Cookies can be used by advertising web sites to track the sites you visit (assuming the sites are using the same advertising network—see more below), so most anti-spyware applications help you remove them.

The other myth is that cookies are responsible for spam and create pop-up advertisements. While it's true that an advertiser can use cookies to track which pop-up ads you've seen, the cookies have nothing to do with the advertisement in the first place.

Fact: Spyware and Viruses Can Read Your Cookies, but So What?

Another common misconception is that cookies are bad because if you have a virus or spyware infection, they can read your cookies to find out more information about you. This concept is not only overly paranoid, but completely illogical to boot—if your PC is already infected with a virus, you are pretty much totally screwed, since it has completely control over your computer, and your information at that point.

Fact: Cookies Are Required for Logging Into Most Sites

The vast majority of web sites require cookies to be enabled in order to create an account and keep yourself logged in, so if you disable cookies in your browser, a large portion of the web is going to be broken. There are some exceptions, of course—you'll probably notice that many shopping web sites embed the session token into the URL, but it's not something that most sites are going to implement. These cookies are considered first-party cookies, because they are set by the web site you purposely visited.

Fact: Cookies are Used by Advertisers to Track Sites You Visit

Because cookies are always sent back to the site that originated them, an advertiser's cookie will be sent back to them from every web site you visit that is also using that same advertiser. This allows the advertiser to track the sites you visit, and send targeted advertising based on the types of sites that you visit.

This does not mean that advertisers can read the cookies from the web site you are visiting—they can only read their own cookies, but because the advertising Javascript is embedded in the page, they will know the URL you are visiting. These cookies are considered third-party cookies, because they are not set by the actual page you are visiting, and they can generally be blocked without causing any serious problems.

If this type of tracking keeps you up at night, consider that an advertiser can already track the sites you visit based a combination of your IP address, browser version, location, and any number of other factors—so getting rid of the tracking cookies only eliminates a small piece of the puzzle when it comes to tracking your behavior online. There are also only a few advertisers big enough to really track you across the majority of web sites—and one has to assume Google already knows everything else you're doing online.

Fact: Deleting or Blocking Cookies Can Cause More Annoying Ads

If you've ever visited a web site that sometimes, but not always, prevents you from reading the article until you click through an interstitial advertisement that takes over the entire page—you might wonder what logic dictates who sees the ads and when.

Here's how it works: interstitial ads pay web sites very lucrative rates to allow them to take over the entire page, but since most web site owners know that they are annoying, they are usually rate-limited so they aren't seen too often by the same person. Once you've seen the ad a single time, the advertiser sets a cookie on your PC to make certain that you don't see the same annoying ad again for a while. If you are deleting your cookies on a regular basis, you're probably also seeing a lot more of these interstitial ads than everybody else. That is, of course, if you don't have an adblocker installed.

Fact: Disabling Cookies Doesn't Matter If You Have Flash Enabled

As we've already pointed out in our guide to browsing without leaving a trace, even if you are blocking cookies in your browser, advertisers are using Flash cookies to keep track of what you're browsing online. In fact,more than half of the most popular web sites are using Flash tracking cookies—and even using your browser in private mode won't (currently) stop them from tracking you this way.

Still Want to Block Cookies? Try Blocking Third Party Cookies Only

If you are still worried about cookies for privacy reasons, you can set up your browser to only accept first-party cookies, so you'll still be able to login to all the web sites that you visit. For Firefox, just head into the Options panel, switch to the Privacy tab, and uncheck the Accept third-party cookies box. If that causes you any problems, you can keep the option checked, but change the "Keep until" setting to remove the cookies once you close Firefox. Other browsers have similar settings; just head into the options to find them.

Source: http://lifehacker.com/5461114/fact-and-fiction-the-truth-about-browser-cookies