Potential Security Problem with Automatic Updates

February 20th, 2009

A new trend in a lot of new software, commercial and open source, is the ability to check for updates and install the latest version from within the program itself. I love this feature, as it means that I always have the latest version of the application. However, the problem with these updates is that they are 100% trusted as safe by the end user, and with more and more applications implementing this feature, it is only a matter of time before hackers start to attack these applications to distribute their malware.

Since more independent software makers are including this feature in their applications, it wouldn’t be a stretch of the mind to think that their websites have some security holes which could allow an attacker to take control of the webserver with a shell script or something similar.

Now say an attacker has uploaded a PHP script that takes advantage of the shell and even uses a list of PHP functions to help his attack. If the software is hosted on the same server, the attacker could then find out how the software checks for updates, trick the application into thinking that there is a new version, and point the download location to where his malware is hosted. The end user thinks there is a new version, downloads it, and now has a virus on his machine.

With more and more applications including this feature, it would be possible to find an application that is hosted in a shared hosting environment. Even if its website has no security faults, an attacker could potentially perform the same attack by getting his/her shell script onto the server through another website hosted on the same machine.

It will be interesting to see over the next couple of years how common this becomes, and it’s definitely not a stretch of the imagination that this could happen to a large company, as Kaspersky was recently hacked through an SQL injection on their website.
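The trust problem described above, as an added example that is not part of the original post: an updater that believes whatever the web server returns, next to one that only accepts a manifest signed with a key that never lives on the server. The manifest fields (`version`, `url`, `sha256`) and the `.example` hostnames are constructed for illustration, and a Lamport one-time signature built from `hashlib` stands in for a production scheme such as Ed25519 or RSA so the block runs with the standard library only.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Vendor side, offline: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per bit of the message hash (one key signs ONE message).
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def canonical(manifest):
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def naive_updater(manifest, payload, current):
    # Trusts whatever the web server returns: newer version + matching hash.
    return manifest["version"] > current and H(payload).hex() == manifest["sha256"]

def verifying_updater(pk, manifest, sig, payload, current):
    # The public key ships inside the installed application, not on the server.
    return verify(pk, canonical(manifest), sig) and naive_updater(manifest, payload, current)

def make_manifest(version, url, payload):
    return {"version": version, "url": url, "sha256": H(payload).hex()}

def demo():
    sk, pk = keygen()
    current = [1, 2, 0]
    good_bin, bad_bin = b"constructed genuine build", b"constructed tampered build"
    good = make_manifest([1, 3, 0], "https://vendor.example/app-1.3.0.bin", good_bin)
    sig = sign(sk, canonical(good))
    # Server compromise: manifest rewritten, old signature reused (no key on server).
    forged = make_manifest([9, 9, 9], "https://other.example/app.bin", bad_bin)
    cases = {"genuine": (good, good_bin), "forged": (forged, bad_bin)}
    return {name: (naive_updater(m, p, current), verifying_updater(pk, m, sig, p, current))
            for name, (m, p) in cases.items()}

if __name__ == "__main__":
    print(demo())
```

Each result pair is (naive updater, verifying updater): the hash inside the manifest gives the naive client no protection, because whoever rewrites the manifest also rewrites the hash.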

New Hacking Method

February 5th, 2009

I watched this video the other day about a man who had 90k stolen out of his bank account. Now there is nothing new about that, but the problem the hackers faced is that the Commonwealth Bank employs an SMS code verification system, so in order for the attackers to transfer the money out they had to get the SMS code.

So what they did was transfer the man’s number over to an unknown carrier, and then transferred the money, and voilà, they now have the SMS code since they took control of his phone. Unfortunately there wasn’t much information about the attack, but I would have to think they would have had a lot of personal information already to successfully pull off the hack. Still, it is something to think about on possible hacking methods.

Windows 7 Review

January 22nd, 2009

The last couple of weeks I have been testing out the Windows 7 Beta and I must say I’m very impressed, and it seems I’m not the only one. There are thousands of posts out saying how this is the best Windows beta ever, and even hardcore Mac fans are saying they may have to think about what OS to go for in the future. Now I think this is a little overdue, with people praising Microsoft and not bagging them out, as I love Vista and think there is nothing too wrong with it.

I think the problem was that the early Vista betas (which I tried out) were crap and had a lot of problems, along with the fact that the beta felt like it lasted forever. Microsoft have now made Vista a stable and very good OS with the help of SP1, but the problem is everyone has this negative image in their heads, so it’s doomed to fail and unfortunately could go down in history with Windows ME, which will be sad. Now that’s enough of me trying to defend Vista.

Now Windows 7 contains some cool new UI improvements, most notably the new task bar. Microsoft have totally changed the task bar, moving it more towards the style of a Mac.

[Image: taskbar preview]

Now as you can see, the applications that are open are just icons now, and there is a border around the icon to indicate the application is open, as you can dock applications to your task bar so they never disappear. When you click on an application that is already running and has multiple windows open, you will be prompted with a display preview to choose which window you wish to navigate to. Another cool feature is when you hover your mouse over the preview, it will show what your display will look like when you click on the window.

Personally I love this feature once I got used to the new task bar, and I think what the Mac is missing from their OS is the preview function of each window open inside the application. Because of this preview function, it makes navigation through all your open windows a breeze.

Another cool function in IE8 is when you’re downloading a file, it will display the progress in the icon on the taskbar.

[Image: IE download progress in the taskbar]

Some extra UI improvements Microsoft have added are in the managing of windows, giving you the ability to resize windows to 50% width to compare, say, two documents you have open.

[Images: windows side by side]

Some other improvements they have made throughout the OS include converting the default applications, e.g. Paint and Calculator, to use the ribbon UI, along with updates to the features. Another cool feature they have added is the ability to cycle through multiple desktop backgrounds every X minutes.

[Image: Paint]

Microsoft have also spent a lot of time making Windows 7 lighter, which results in faster loading times, and I must say it is really quick, especially for a beta version.

The only thing that is bugging me with Windows 7 at the moment is that they have changed the loading screen when booting up the computer to just be a Windows logo that moves the colour of the logo around. This annoys me as I like having the bars, as I was able to tell if my machine was getting slower and needed a format by counting how many times the bars went across. Yeah, I’m crazy!

Overall I think that you cannot complain about the quality of Windows 7, and it is going to put Microsoft back into everyone’s good books, along with none of the problems they faced with Vista (hopefully!).

Windows 7 Public Beta Direct Download Links

January 10th, 2009

Well, I fell for the Vista beta, which turned me off Vista a lot, but now I love it, and now I may be making the same mistake again. It seems that the world is going crazy for the Windows 7 Beta, with their servers being overloaded and the public beta postponed.

I have found some direct download links which are downloading at a steady 2.4mb/s.

X64:
http://download.microsoft.com/download/6/3/3/633118BD-6C3D-45A4-B985-F0FDFFE1B021/EN/7000.0.081212-1400_client_en-us_Ultimate-GB1CULXFRE_EN_DVD.ISO

X86:
http://download.microsoft.com/download/6/3/3/633118BD-6C3D-45A4-B985-F0FDFFE1B021/EN/7000.0.081212-1400_client_en-us_Ultimate-GB1CULFRE_EN_DVD.ISO

You still need to get a key when Microsoft releases the public beta, but I believe you can still use Windows 7 for 30 days without one.

Will keep you updated about Windows 7 and my review of the OS.

Update: You can now register for the beta here.

icloud

June 2nd, 2008

Recently, I was invited to test out Xcerion’s new software called “icloud” after registering my interest a while back. To give you a little background, icloud is an OS that runs under your browser (IE 6/7 only at the moment).

Now to be honest, I can’t really see any benefits of having an OS running in your browser unless you’re on multiple computers throughout the week and you want everything in one place. But on that note, why not just buy a laptop or PDA? I think the idea is cool, but for me, I just do not see a place for it to succeed. After having a play around with some of the features, I found it to be really slow and could have done half the task on my own machine in half the time. And along with that, it uses a lot of CPU, and while loading some applications, it actually freezes up IE.

One thing that bugged me was one of its applications, a web browser. Now honestly, why would you use the web browser inside this “OS” which is being run under a browser to start off with? To me it is just a waste of time, and you lose half the features in your browser as well.

Anyway, that’s my 2 cents. I’m sure there are some people who will benefit from this, but as I said, it has a limited marketplace, so best of luck to them.