New Internet Explorer Security Exploit Update

Microsoft has released a patch for Internet Explorer. Apparently, there was enough of a concern for them to move outside of their regular patch schedule.
If you are using IE7 on Windows XP with SP2 or SP3, you can find the patch here.
If you are using IE7 on Windows Vista or Vista with SP1, you can find that here.
If you are running Internet Explorer on any other configuration, you can find your configuration on the Microsoft Security Bulletin MS08-078 here.
If you are running any combination of Internet Explorer on a Microsoft Operating system, you are strongly encouraged to install the patch.
Original article update here:
Microsoft Releases Critical Internet Explorer Patch

New Internet Explorer Security Exploit

When I was a kid, I remember reading a story about a chicken that got bonked on the head by a falling acorn and she thought that the sky was falling. Chicken Little then went around to every animal she could find proclaiming that “the sky was falling”. The result was a small panic spreading throughout the farm, until one of them looked up and saw that the sky was still exactly where it started that morning.
I’d like to say that this report is a “Chicken Little” event, but it has just the right amount of paranoia that says, “maybe, this time, the sky is falling”. I’m talking about the new flaw found in Internet Explorer.
Originally thought to be confined to IE7, it now seems to encompass everything from IE5 to the latest beta release of IE8. This exploit also appears to have been bought, sold and employed since about October.
If you are into the technical details from Microsoft Technet or looking for sites to avoid, you can find them here.
If you are running IE7 MS suggest that you turn on Data Execution Prevention. What this essentially does is marks certain memory locations as protected (as in locations that only the OS should have access to) and if a piece of code attempts to write to those locations (malicious or otherwise) DEP will shut the program down and send you an alert.
To turn on DEP in your Windows XP system, open your control panel and click on the “System” icon. The "System Properties" window will come up.
Click on the "Advance" tab, go down to the "Performance" section and click on the “Settings” button. This will bring up the "Performance Options".
Under the "Performance Options" window, click the "Data Execution" tab. Make sure to select the radio button next to “Turn on DEP for all programs and services except those I select”.
Then hit the “Apply” button. Your system will request a reboot before the changes take effect.
While this may be a stopgap measure, I don’t think it is a true solution. If it were, we wouldn’t see the level of concern from the security experts or even Microsoft.
Current recommendation is to use one of the other browsers out there (Firefox, Chrome, or Safari) until MS issues a suitable patch.
Current projected assumption, based on Microsoft’s past patch schedule puts this at Jan 13, 2009.


Reference articles are here from washingtonpost.com:

Microsoft Investigating Reports of New IE7 Exploit

Microsoft: Big Security Hole in All IE Versions

Article from Chris Null on Yahoo

Sales Reps on Laptops: Watch Your Six...

Well, it was bound to happen. I finally got mine.



A few days ago, I got a security alert that the email phishers were trying some new tactics to pry information out of the unsuspecting user. One involved a ticket verification process from the airlines. The major airlines immediately went public denying that they practiced communication of this nature and if you saw anything that asked you for personal information, it didn’t come from them.



The other was FedEx. Apparently, phishers posing as FedEx tracking brokers send out emails saying that you have received a package, but because of the nature of the package, you need to supply personal information in order for them to deliver it.



As far as I can recall, correspondence with FedEx has always been unidirectional in nature. They leave a sticker on my door stating that they tried to deliver a package and if I want it, I can come down the station to pick it up. Sometimes they will attempt to deliver it again the next day at a specific time.


But they always leave a note. I have never received an email from them.



Until today.



Here are some things to look out for in this, or any other, suspected phishing email:

1. Generic greetings. Most likely, they are sending bulk email, meaning that they can’t address you by name without tipping off everyone else on the distribution list.
   
   
   


2. Suspicious or unofficial “from” address. In the header of the email, you will see the address of the sender (From), the recipient (To), where to send a reply (Reply-to), and a return path (Return-Path). If you know how to do it, the “From” address can be altered to look official. In a real correspondence, however, the domain name (that part of the address between the @ sign and the first period) should match in all addresses except for the recipient address. There is no reason an official request should be sent from info@fedex.com while the reply-to address is jimbo@yahoo.com.
   
   
   


3. Empty recipient address. The “To” field is typically left blank to hide the fact that this “private” correspondence has just been sent to everybody on God’s green earth.
   
   
   


4. Urgent requests to act. Typically, you’ll see notices that your account has been compromised, that the “company” is about to close out your account, or that you have won a whole bunch of money and that you need to act now. $800,000.00 USD is a whole bunch of money to most people.
   
   
   


5. Suspicious looking links. This email doesn’t use links back to phishing websites. However, there is a phone number you can call. Probably goes to a phone in the phisher’s basement.
   
   
   


6. Spelling and Grammatical errors. This email is littered with them. The line I really like is at the end of the email right after the piece about not copying the email: FEDEX INTL>>>LICENCE OF FEDERAL EXPRESS CORPERATION.
   
   
   


7. Requests for personal information. Things like PINs, SS numbers, credit card numbers. Legitimate companies will never ask for this information via email. They may use a secured form (look for the pad lock in your browser indicating that encryption is in place) or they may ask via telephone. But they will never use email to request this type of information.

The email is included below for your entertainment. If you haven’t received on yet, rest assured that yours is in the mail… uh, I mean email.



Stay Vigilant. Good Selling.

---

Dear Customer!

We have been waiting for you to contact us for your Confirmed Package that
is registered with us for shipping to your residential location.We had
thought that your sender gave you our contact details.It may interest you
to know that a letter is also added to your package.However, we cannot
quote its content to you via email for privacy reasons.

We understand that the content of your package itself is a Bank Draft
worth of $800,000.00 USD, FedEx do not ship money in CASH or in CHEQUES
but Bank Drafts are shippable.The package is registered with us for
mailing by your colleague, and your colleague explained that he is from
the United States but he is here in Nigeria for a three (3)months
Surveying Project as he works with a consultant firm in Nigeria West
Africa We are sending you this email because your package is been
registered on a Special Order.

What you have to do now, is to contact our Delivery Department for
immediate dispatch of your package to your residencial address.Note that
as soon as our Delivery Team confirm your information, it will take only
one working day (24 hours) for your package to arrive it's designated
destination.For your information, the VAT & Shipping charges as well as
Insurance fees have been paid for by your colleague before your package
was registered.Note that the payment that is made on the Insurance,
Premium & Clearance Certificates, are to certify that the Bank Draft is
not a Drug Affiliated Fund (DAF) neither is it funds to sponsor Terrorism
in your country. This will help you avoid any form of query from the
Monetary Authority of your country.

However, you will have to pay the sum of £105GBP to the FedEx Delivery
Department being full payment for the Security Keeping Fee of the FedEx
company as stated in our privacy terms & condition page. Also be informed
that your colleague wished to pay for the Security Keeping fee, but we do
not accept such payment considering the facts that all items & package
that are registered with us have a time limitation and we cannot accept
payment not knowing when you will be contacting us for your package or
even responding to us.So we cannot take the risk to have accepted such
payment incase of any possible demurrage.

Kindly note that your colleague did not leave us with any further
information.We hope that you respond to us as soon as possible because if
you fail to respond until the expiry date of your package, we may refer
the package to the British Commission for Welfare as the package do not
have a return address.

Kindly contact the delivery department (FedEx Delivery Post) with the
details given below:

FedEx Online Delivery Post
Contact Person:Gary Anderson
Email:fedex.delivery1963@live.com
Tel: +234 805 8814 416

Kindly complete the below form and send it to the email address given
above.This is mandatory to reconfirm your Postal address and telephone
numbers.

FULL NAMES:
TELEPHONE:
POSTAL ADDRESS:
CITY:
STATE:
COUNTRY:

Kindly complete the above form and summit it to the delivery manager on:
fedex.delivery1963@live.com

As soon as your details are received, our delivery team will give you the
neccessary payment procedure so that you can effect the payment for the
Security Keeping Fee. As soon as they confirm your payment receipt of
£105GBP which is equivalent to $210USD , they will not hesitate to
dispatch your package as well as the attahced letter to your residence. It
usually takes 24 hours being an overnight delivery service.

Note that we were not instructed to email you, but due to the high
priority of your package we had to inform you as your sender did not leave
us with his phone number because he stated that he just arrived Nigeria
and he hasn't fix his phone yet. We indeed personally sealed your Bank
Draft and we found your email contact in the receivers column as the
recipient of the foremost package.

Ensure to contact the delivery department with the email address given
above and ensure to fill the above form as well to enable a successful
reconfirmation.

Do not reply this email because this email account is not monitored.Send
your details to:fedex.delivery1963@live.com

Yours Faithfully,
Mrs. Margaret Blaire.
FedEx Online Team Management.
All rights reserved. © 1995-2008
----------------------------------------------------------------------------------------------------------
This E-mail is only for the above addressees. It may contain confidential
or Privileged information. If you are not an addressee you must not copy,
distribute, disclose or use any of the information in it or any
attachments.
----------------------------------------------------------------------------------------------------------
FEDEX INTL>>>LICENCE OF FEDERAL EXPRESS CORPERATION.

Keep Your Laptop and Desktop Performing For Years With This Simple Tip

A few days ago, Lance was up in the Cleveland area doing some training with out team. During his visit, he saw some of the older PCs that had been mothballed because of obsolescence.



Now you have to realize that for technology, 3 years for a PC is like 75 years for a human being. It will keep limping along, but there will be new applications that really stress it and some of the latest hardware won’t work with it. It just becomes a real challenge to use.

But at our location, we aren’t doing anything stressful with the systems. We weren't designing microchips or running exotic database engines on them. They were really hosts for browsers with all of our applications hosted on outside systems, like SalesForce.com, G Suite, and hosted email applications.

So when Lance saw these systems back in the back closet just sitting there, his question, naturally, was, “can we make use of these?”

As an IT guy, I like to see the best, fastest and latest technology on hand. From a business perspective, however, these systems were adequate for what we were doing, with some minor modifications, of course.


I told Lance that I would see what we could salvage out of the systems. Naturally, processor speed would be a minor concern, but of more importance were Ethernet capability and memory capacity.

So the first thing I did was to find two systems that were similar, intending to consolidate memory from the two systems into a single system.

Well, upon opening up my first system, I was shocked.

I knew that these things were on the “more mature” side. So, when I opened it up, I expected a certain amount of dust.

I didn’t expect to see the motherboard wearing a wool sweater!

The bottom of the system looked like somebody had called in Empire to install a shag carpet, the processor and fan assembly were nothing more than a gray lump, and the memory assembly could only be found after prodding and poking the board.

This thing had more insulation than my attic.

While it was shocking, the problem was easily correctable. A quick trip to the local Wal-Mart for a $4 can of compressed air and I was able to clean out the entire mess with no trouble at all.

For all of you sales reps out there, heat is the system killer. Your desktop and laptop are equipped with several fan systems to get heat away from the processor, memory and graphics card and vent it out into the general atmosphere. However, it also has to vent air into the box before it can pass it over the core components and vent it back out again. As it sucks air in, it also brings in dust, which eventually settles somewhere inside your machine.

Over the months of bringing in dusty air, that dust builds up on the heat generating parts and keeps the heat transfer from taking place efficiently. It’s no accident that I used the word “sweater” and “insulation” previously. If your processor and memory are wearing sweaters, then the heat is staying close to the devices and not getting transferred out of the machine. And increasing heat on parts like the processor and memory will decrease their useful lifespan.

For a desktop, you will have to remove the side panel before performing your internal dusting. However, you can also use this can-of-air on your laptop as well, to blow out the bits of dust, food, hair clippings and flaked skin out of the keyboard.

For all of you sales reps out there, spending $4 for a can of air is probably the cheapest form of self-maintenance you can get and it will keep your system performing error free for years to come.

Or at least until you buy your next laptop.

Organize Your Sales Activity Through IE7 Tabs

Here is a quick tip for all of you sales reps out there that use Internet Explorer 7 or later.



One of the newer innovations that Microsoft put into it's browser is the tab feature that essentially allows you to have different web pages in a single browser window. As a sales rep, you’re probably saying to yourself, "Yeah, It looks good. There are plenty of bells and whistles in IE7. The techie guys are either drooling over it or they are busy tearing it apart along with Microsoft. But what does it do for me?"




There are a few things that you can do with this feature that may make your life a little bit easier.



Let’s say that you, the sales rep, are out in the field and you use a lot of the hosted applications out there, like SalesForce.com, browser-based email, any Google apps or maybe even GrandCentral internet phone setup.



Using the old method of opening each app in a separate browser, you would end up with a number of different browsers windows cluttering up your desktop. You would spend a lot of time minimizing and maximizing browser windows and trying to figure out which browser held the application you were looking for at the time. It’s a recipe for disorganization.



Using the tabs, you can open one browser window and use the tabs to navigate to your different applications.

For example, let’s say you use a mail application such as the web version of Lotus Notes. While reading your email, you come across a note from one of you clients over at Steris Corporation (just as an example) and you need to check them out in Salesforce.com.



Instead of clicking on the browser icon and bringing up another browser window, all I have to do is click on that little square next to your current tab as pictured below:



and it will bring up a new tab with a blank page:



From that page, you can then use your favorite method to navigate to your new destination page on SalesForce.com. You’ll end up with something that looks like this:



Now you have access to your email and your SalesForce.com account.



Let’s say that in addition to this, you also need to have the client’s website available, your company’s website available, the Google search engine up and Google traffic maps up just in case you want to check on traffic before driving out to see the client.



After performing the same function used above, you end up with a browser environment that looks like this:



Now here is where the fun starts. You have the ability to rearrange the tabs to best suite your working environment merely by dragging and dropping them. For instance, using the right mouse button, I can grab and move the Steris tab from the middle position:



to the first position:



The other thing we can do is to use the quick tab button, located right next to the star and plus sign (or the "add favorites" icon). The quick tab feature gives you a thumbnail view of everything that you might have open, like this:





From this view, you can quickly navigate to the tab you need simply by clicking on the thumbnail.



If you use a lot of hosted applications and access them through your browser, using tabbed browsing in this fashion will add some organization to your daily activities and increase your overall effectiveness.