Friday 12th March 2010

Posts Tagged ‘Microsoft’

COFEE Leaks

Friday, December 4th, 2009

The online leak of the Microsoft free tool which helps law enforcement agencies to retrieve forensic evidence in the first ‘rush’ of a crime scene is perhaps not as serious as first thought.

This site ran a story a while back which announced that Interpol’s Global Security Initiative (GSI), which focusses on international security challenges, has been given free use of Microsoft’s Computer Online Forensics Evidence Extractor (hence COFEE) to help the fight against cyber crime.

COFEE helps scene of the crime officers gather computer evidence in-situ and quickly. This type of evidence is regarded as volatile and not as efficiently collected as traditional forensic evidence. Microsoft hoped that giving COFEE to Interpol, and others, would go a long way towards combating the spread of cyber crime.

But reports from various sites online say that Microsoft does not regard the leak as a major leak. It is said to be investigating the circumstances behind it, but pointed out that COFEE is fundamentally an application which contains a collection of digital forensic tools which are common throughout the world. In other words, it is not ‘secret’ code which will unlock forensic tricks and techniques for the criminal community.

What’s more, those in the know said that the leaked version of COFEE was incomplete, with maybe less than 50% of the programme out there. Which leads watchers of the saga to the conclusion that COFEE is about procedure and technique in the heat of the incident, rather than a magical code which allows the police to get the upper hand.

Indeed, some experts have stated their disappointment that COFEE was not as good as they had expected. Some went as far as to suggest that other similar programmes on the market would do a better job.

Some cynics have also stated that maybe Microsoft is deliberately downplaying the incident to avoid any embarrassment over the leak, which is not a great advertisement for the company or the product. Others have challenged Microsoft’s relaxed attitude, given that some criminals could learn from the leak and adapt their browsing and internet use accordingly.

Guest Article by Neil Camp 


BitDefender’s 2010 Line-Up and Windows 7 Certification

Tuesday, October 27th, 2009

Along with Symantec and McAfee, and a whole host of other computer security companies, BitDefender has announced its new line-up of products, which are compatible with Microsoft’s new operating system, Windows 7.

BitDefender’s products – including Total Security, Internet Security and Antivirus – have all received certification ensuring that they work with Microsoft Windows 7. And they claim they provide customers with enhanced security, as well as innovative user interface features and reliability improvements.

The 2010 BitDefender line-up includes a number of new features:

  • optimised scanning improvements
  • active Virus Control
  • first-ever usage profiles
  • key system enhancements which are aimed at providing industry-leading proactive protection against all internet security threats, without slowing PC performance.

Ross Brown, Vice President of ISV and Solutions Partners for the Worldwide Partner Group at Microsoft, said:
“Our ISV community is alive with innovation, and we’re committed to helping our partners drive the next generation of software experiences. Adding compatibility for the latest Microsoft operating systems helps ISVs to stay ahead of the competition and give their customers access to cutting-edge technologies.”

Vince Hwang, BitDefender Global Director, Product Management, said:
“Working together with Microsoft to achieve this certification allows BitDefender to meet the changing needs of our customers and provide the very best in security solutions to our users. These include intuitive user interfaces with usage profiles that cover anyone from gamers to parents, as well as improved security and reliability features including Active Virus Control, an innovative technology that monitors programs running on a user’s computer and detects malware-like actions as they execute.”

BitDefender claims to be the creator of one of the industry’s fastest and most effective lines of internationally certified security software.

The company’s BitDefender Antivirus 2010 product has also just received AV-Comparatives’ top certification level for its quality of performance. In all, some 16 antivirus products were tested by AV-Comparatives in August. They sought to find out which software had the highest detection rates and lowest false positives.

Viorel Canja, BitDefender’s head of antimalware lab, said:
“We are particularly pleased with this achievement as it is further proof that BitDefender provides the highest level of protection. The test shows that on this occasion we have outperformed our rivals in terms of false positive ratings with the lowest number of occurrences.”

Guest Article by Neil Camp


Gmail and Hotmail Targeted in Phishing Scheme

Monday, October 19th, 2009

Reports from the BBC suggest that Google’s Gmail and Microsoft’s Hotmail have been under siege from phishing attacks which have targeted thousands of service users in an industry-wide scheme.

Both Google and Microsoft have moved to stem any damage. Users of Yahoo and AOL email services were also hit.

The BBC stated that they were shown two lists which contained the names and passwords of 30,000 people who use Gmail, Hotmail, Yahoo and AOL email services. And the lists were said to have been posted on the web for anyone to access.

Google told the BBC that only 500 of its customers had been named, although it said a third list was in existence, but declined to give numbers.

A Google spokesperson said:
“We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts.

“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”

Google appeared keen to highlight that the scheme did not actually breach Gmail security, but involved a none too uncommon scam which persuaded people to give away their personal information to cyber criminals.

A phishing scheme is one which usually involves bogus emails purporting to be from a bona fide organisation which invite recipients to send back their personal details, log-in usernames and secure passwords. And despite frequent warnings from the organisations themselves and computer security experts not to give away personal details to anyone, phishing attacks remain very successful in their simplicity and ruthlessness. Most are based on a good copy of a bona fide email and most introduce an element of bullying into their message: act now, or your account will be closed down.

This particular scheme started when 10,000 Hotmail addresses were posted online at Pastebin, a website mostly used by developers to share code. But that was just the start, with a further 20,000 names being uploaded which contained e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.

Although some of the details were old, or indeed fake, many were genuine.

A Microsoft spokesperson said:
“Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

A person from Yahoo reiterated the rest, urging its customers to “…take measures to secure their accounts whenever possible, including changing their passwords…”

Computer security industry experts called for the providers to do more to educate their customers as regards the dangers of such phishing attacks.

Guest Article by Neil Camp


Free Antivirus Software From Microsoft

Monday, August 10th, 2009

Seattle-based software giant Microsoft has reportedly developed an antivirus programme that it will give away free, alarming certain computer security experts, who fear that it will fall short on a number of key features and expose users to attacks.

Believed to be called Morro, the software will initially only take on viruses, and not offer such additional features as parental controls for surfing.

The irony is of course, that many virus attacks come about because of holes (‘bugs’) in such operating systems as Microsoft’s Windows, hence the need for constant patching (in the form of Service Packs) after the release of the product.

This will be Microsoft’s second foray into the highly competitive world of computer security. Its first, called Windows Live OneCare, made little impression on the overall market for sophisticated security products. It is thought that Live OneCare will be dropped once Morro is ready for release (a Beta version will come first).

Morro has been created to tackle viruses in the shape of spyware, rootkits and trojans.

But, as many computer security experts fear, this is not enough to counter attacks from modern day hackers who employ a whole raft of viruses and techniques in order to attack people’s computers. The danger many feel is that many computer users will be lulled into a false sense of security by using such a package as Morro. And they will eventually discover that they need a more sophisticated programme in order to keep them safe from viruses.

Guest Article by Neil Camp


Bogus Microsoft Caller Cleans Virus

Monday, July 20th, 2009

Don’t be fooled by technicians from India claiming they must clean up viruses on your computer otherwise your Microsoft warranty will be invalidated.

It’s happened to a number of people in Australia and could be coming to the UK. It’s a simple and effective con. A person, believed to be from India, cold calls and states that your computer is infected by viruses. They imply that they are working alongside Microsoft and that unless you take action, the warranty on your Microsoft software will be revoked.

The charge for this ‘clean-up’ is around £200; a mind-boggling sum, bearing in mind that an anti-virus suite costing at most £40 would be all that was needed to set matters right. But most computers targeted by these callers naturally have no virus problems.

And once your credit card payment has cleared they, with your permission, take remote control of your computer and a box appears which says that your computer is now virus free.

Of course, it’s a con and once the £200 is taken, a small file is downloaded onto your computer via the remote control which displays a virus clear-up box on your screen. All very simple and all very effective.

And the callers have no connection whatsoever with Microsoft, who are at pains to point out that they would never cold call a customer and ask for control of their system; nor do they employ other firms, or ask them, to do so.

What worries a number of computer security experts is what the remote control part of the con might really be trying to achieve, as all manner of viruses could be downloaded and secretly installed in that period of time.

So, be warned: if someone rings up and says that your computer has viruses, don’t be tempted to ask ‘…how do you know that…’, just put the phone down. If they call again, ask them for their contact details, as you are sure the police would like to know of their plans.

Guest Article by Neil Camp


Vista Service Pack 2

Friday, June 12th, 2009

With little fanfare, Microsoft has released Service Pack 2 for updating its Windows Vista operating system. As with the previous service pack, it contained many bug fixes and will help security for users both on corporate networks and at home.

As well as bug fixes, it also contained a number of refinements to the advanced operating system.

Although many of the refinements have been designed with large corporate users in mind, they will make a difference to many home users as well.

Two of the key changes are the updated Windows Search 4.0 and Windows Vista Feature Pack for Wireless programmes.

Windows Search 4.0 updates include improvements to help users index and find files on their machines, and Windows Vista Feature Pack for Wireless updates offer upgraded Wi-Fi and Bluetooth components for wireless networking.

But with more bugs being fixed, it should prevent a number of malicious attacks and generally make the operating system more secure.

Those users who have not automatically received the Vista Service Pack 2 should go to the Microsoft website to update their operating system.

Guest Article by Neil Camp


Vulnerable PowerPoint Gets Patches Sewn In

Monday, May 18th, 2009

It’s been a well-publicised fact that Microsoft’s cornerstone application within Word, PowerPoint, has been vulnerable to attacks from hackers.

Microsoft has now plugged the problem with the release of key updates.

In a simple attack, hackers would exploit the flaws within PowerPoint by tricking users into opening a presentation and unknowingly downloading a malicious software programme contained within it. The mere act of opening it is enough to start the malware on its trip deep down inside a computer’s registry files.

From there, it bides its time, waiting for the installer to give it instructions based on what it finds. Once downloaded, the malicious software programme, known as a Trojan, gets set up for its first job. It tests the internet connection of the computer it is attacking by, ironically, linking with the Microsoft Windows update site.

Then, once the Trojan has linked up and tested the connection, it sends back to its originator key information, including the computer name, the IP address and the operating systems being run. It then examines the computer’s directories, identifies any significant information and also updates itself, or paves the way for further malware, depending on what it has found.

To counter the ease of PowerPoint being attacked, Microsoft has released a number of patches which help solve the problem, and they are applicable for all versions back to 2000.

But for Mac users with 2004 and 2008 versions, there is still no patch available. Mac users will have to watch until a patch has been developed. They will have to resist downloading unknown PowerPoint files.

Guest Article by Neil Camp


Microsoft and Google Take Flak

Tuesday, May 12th, 2009

Major software offerings from Microsoft and Google have this week drawn criticism from industry experts for major security flaws.

Close on the heels of Microsoft’s none too well received operating system Windows Vista is Windows 7, which has been tested by the public in its “release candidate” form. Versions can be downloaded by the general public and tested.

Although the initial reaction has been good, seeing it as an improvement on the cumbersome Vista, there are worries that it contains an inherent security flaw.

Windows 7 was slated for a release date of January 2010, but it might be earlier, with Microsoft saying that they are ahead of schedule. Generally, Vista was a disappointment, standing accused of being like a sieve when it came to security (requiring constant updates) and slowing down performance times. Windows 7 appears to solve a lot of those problems and features quicker response times, a new task bar, a touch-screen capability and an ability to stream media files (including music) from one computer to another via the internet.

But the question of computer security has reared its ugly head again with some suggesting that there is a major flaw in Windows Explorer (the heart of the operating system’s file management system) which allows other users to be attacked by hackers.

And what worries the experts is that this major flaw is not new, but existed in previous versions of Windows Explorer. And the irony is not lost on many, after Microsoft has sworn themselves to a “trust vision” to make security in their products a major preoccupation.

And Google’s all-singing, all-dancing new browser has been shown to be a little flaky. Chrome is liked by many, but Google has had to fix quite a few security holes, which then led to a problem with crashed computers. Chrome version 1.0.154.64 was released recently to put right two major security problems. The first concerned an ability for a hacker to run attack software that had the same privilege as the primary user. The second problem centred on the 2D graphics which could have created an opening for attack software to be infiltrated into the browser’s security system.

But when the new version was released, having fixed the two security problems, it caused a few crashes, so a new version quickly followed.

Guest Article by Neil Camp


Anyone For COFEE?

Monday, April 20th, 2009

Interpol’s Global Security Initiative (GSI), which focusses on international security challenges, has been given free use of a Microsoft tool called COFEE to help the fight against cyber crime.

COFEE stands for Computer Online Forensics Evidence Extractor and Microsoft has handed it to Interpol’s 187 participating countries for free. The application is designed to help scene of the crime officers gather computer evidence in-situ and quickly. This type of evidence is regarded as volatile and not as efficiently collected as traditional forensic evidence. Microsoft hope that giving Interpol COFEE will go a long way towards combating the spread of cyber crime.

Interpol hope that by using such a sophisticated tool as COFEE, they will take a major step forward in being able to assess the significance of what they find on computers and on other electronic devices.

Interpol was formed in 1923 as the International Criminal Police Commission and changed its name to the International Criminal Police Organisation in 1956. Based in Lyon, France, its membership provides it with an annual budget of some $60 million.

Guest Article by Neil Camp


Citizen Safety

Monday, April 20th, 2009

Software giant Microsoft has launched a new initiative called Citizen Safety Architecture which has been designed to help Governments throughout the world respond to global security threats and security challenges in real time.

It does this by taking Microsoft software that already exists and adapting it to provide solutions for specific scenarios. Software being used includes Global Security Solutions, Single View Platform, Eagle, FusionX and Incident Response Platform.

It is hoped that Microsoft’s Citizen Safety Architecture will enable individual Governments to speed up their response times and planning when it comes to coping with major situations.

Guest Article by Neil Camp



The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited. You can connect with me or keep up to date with new posts on this blog via the following social media sites:

Facebook LinkedIn Plaxo Twitter StumbleUpon Plurk FriendFeed Digg Technorati Delicious
