Today a client mentioned that videos are playing automatically on their computer and it annoys them.

Hey, it annoys me too! Why oh why do websites insist on force-feeding you content you might not actually want to hear? Please, web developers, give us the option to actually play your video if we want to. In fact, there is a particular web publication that I read frequently that does this on just about every page. Yuck!

Anyway, the aforementioned person was using Firefox, and here’s how you disable this annoying feature on Firefox:

Select PREFERENCES, select APPLICATIONS, locate video formats and select ACTION for each item, such as QuickTime or Flash, and then select “always ask”.

For Internet Explorer (IE9 – if you are using something older… Uhmmm Time to upgrade!)

TOOLS / SETTINGS (Gear Icon), Safety, select “ActiveX Filtering”. Now when you visit a website (such as www.YouTube.com), Flash should NOT play. You will get a warning saying you need to upgrade your Adobe Flash Player. If you want to view the Flash content, find the blue circle with a line through it to the right of the URL bar, and you can enable it for that site.

For Chrome users, you can download extensions like “Stop Autoplay”. If you need assistance, I can type that up for you too =-)

Happy surfing…

Come to the dark side - We have cookies, and downloads.

Are you using something other than Microsoft Internet Explorer 9 (IE9) for your web browser? A growing number of you are, and Microsoft does not like it one bit. In fact, if you go visit their promo site, you can receive “Free stuff from sites you love” if you will just cross over to the dark side, so to speak.

Here’s the link to the “Beauty of the Web” site…  HERE

Sites represented are Slacker Radio, AOL Radio, Grooveshark, hulu, Flixter, Fandango, ticketmaster, vimeo, zynga and Pandora.

Of course, you have to be using IE to take advantage of the offers. The process is to drag the icon to your taskbar to pin it there, then share the information on Twitter or Facebook.

Mac OS X users will have to run IE 9 in a virtual machine in order to take advantage of this…

 

It’s time to upgrade your browser if you are using IE7, Safari 3 or Firefox 3.5 or earlier. Not just to have the latest features and the best security, but in order to continue to use websites to their fullest.

Case in point – people using Google for Gmail, Calendars, Talk, Docs and Sites will lose functionality according to Google starting August 1st of 2011 as they are making a switch to supporting only “modern browsers”, and all future code releases will be focused on the newer browser versions.

You can read more about this on the Google Docs Blog http://googledocs.blogspot.com/2011/06/our-plans-to-support-modern-browsers.html

The majority of people should be able to upgrade to newer browsers, however, there will be a handful who are locked into an older browser due to a particular website they use ONLY supporting IE7 for instance. If you are one of those who must use an older browser for a corporate website, but want to run a newer browser, that’s possible! Just download and install Google Chrome for instance and use IE7 only for your corporate site.

Should you need help upgrading your browser, or have questions, please call upon us at 864.990.4748 or email info@homelandsecureit.com – we offer business computer support in the Greenville / Upstate, SC area….

 

 

Secure IT Alert Header

Homeland Secure IT Alert

Homeland Secure IT Alert for Monday, April 11th, 2011

You’ve waited a whole month for this, and Microsoft has not let you down.  Updates galore are ‘a comin’ tomorrow, April 12th, 2011.

The Microsoft Security Bulletin Advance Notification states that this Patch Tuesday will be a big one. A total of 17 fixes, addressing 64 security vulnerabilities, are there for your enjoyment, and they cover just about everything, from current versions of Microsoft Windows Operating Systems to Microsoft Office and even Microsoft Windows Server PowerPoint web app.

There are 9 critical, 8 important and two which address information disclosure/privilege threats.

One important update is the cumulative fix for the Internet Explorer browser which will address every supported Windows OS and covers IE 6, IE 7 and IE 8.

Microsoft will be sponsoring a webcast on April 13th at 11AM Pacific here: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032455069&EventCategory=4

Should you have issues or concerns about these updates or any Microsoft Security or Support questions in the Greenville / Upstate, SC area, please call us at 864.990.4748 or email info@homelandsecureit.com

 

Homeland Secure IT Alert Footer


Browser Market Shares

Google Chrome is Gaining Ground Fast

Are you still using Internet Explorer? The majority of people who hit our website are, as are the majority on most other sites that track this information, but, as you can see from the graph on the right, alternative browsers are gaining ground.

Microsoft Internet Explorer, like it or not, is the de facto “standard” that web sites and web applications are built to support. There are many reasons for that, and obviously the main one is that IE is shipped with Microsoft Windows Operating Systems, and Microsoft Windows dominates as the OS of choice for both individuals and businesses.

As Apple Mac OS, Linux and other operating systems become a bit more mainstream, the alternative browsers that these systems ship with will cut into the Microsoft IE market share, but there is more going on here than a switch to new operating systems.

You are probably way ahead of me on this, but due to concerns over security, there seems to be a mass exodus away from IE. We’ve heard from our clients that they are worried about the seemingly endless flow of vulnerability announcements from Microsoft and then the subsequent patches that must be installed in order to ensure they can safely browse the web.

That, combined with the fact that other browsers are offering what feels like a faster browsing experience, a slew of new features, additional plugins or addons not available on IE, and a shiny new look makes it easy to see why the IE market share has dropped and Chrome has come up.

Chrome recently added some Active Directory integration making the browser even better than before for System Administrators.

Surprisingly, Mozilla Firefox, the second most popular browser, has actually been declining in popularity alongside IE, while Safari and Opera have remained pretty constant in the low end of the scale.

With Chrome breaking into the ten percent market share, and pulling away from Apple’s Safari rapidly, it appears that Chrome could overtake Firefox in the next 12 to 18 months. Very interesting information.

Click on the graph for the link to the original article and more information.

No matter which browser you use, remember, there ARE security flaws. Chrome is not impervious to exploits, so, please remember to browse responsibly! Use current anti-virus / anti-malware, and common sense (i.e., don’t install addons, plugins, codecs, etc. that you do not trust).

If you would like to discuss security concerns or whether a particular browser may be right for your business here in Greenville or the Upstate, please call 864.990.4748 or email info@homelandsecureit.com


Secure IT Alert for Monday, January 31, 2011

Microsoft has announced in Security Advisory 2501696 that they are investigating a potential vulnerability that may exist in ALL current supported editions of Microsoft Windows (Including Windows 7, Server 2008, Vista, XP and Server 2003). In fact, the only version that may not be affected would be the Server Core installations.

According to the bulletin, Microsoft is aware of the “proof-of-concept” code that has been released, so they are looking into it further, though they have seen no “active exploitation of the vulnerability”.

MHTML is the culprit and apparently, it IS possible (under certain conditions) for the vulnerability to allow an attacker to inject client-side scripts in the response of a web request run in the context of the user’s Internet Explorer. The script could then spoof content, disclose personal information or emulate any action that the user could actually take on the affected web site (i.e., make selections, input data, etc.).

What can you do to protect yourself? According to MS, you could lock down MHTML, or set your Internet security zone settings to “High” to block ActiveX controls and Active Scripting (in IE: Tools, Internet Options, Security, Internet, Security level for this zone, and set the slider to High). You could also set IE to prompt before running “Active Scripting” or disable “Active Scripting” altogether in the Internet and Local intranet security zones (in IE: Tools, Internet Options, Security, Internet, CUSTOM LEVEL, then under Settings, find the Scripting section and set Active Scripting to “Prompt” or “Disable”; do the same under Local intranet). You can then add sites that you trust to the IE Trusted sites zone.
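The Active Scripting change described above can also be audited and applied per user from PowerShell. This is an added example, not part of the original alert or of Microsoft's advisory; it assumes the standard Internet Explorer zone settings in the registry (URL action 1400 in zones 1 and 3) and covers neither the MHTML lockdown nor the High slider.

```powershell
# Added example: report, and optionally change, IE's per-user "Active scripting" setting.
# Assumptions (standard IE zone settings, not taken from the alert text):
#   zones  : 1 = Local intranet, 3 = Internet
#   action : 1400 = Active scripting; 0 = Enable, 1 = Prompt, 3 = Disable
[CmdletBinding()]
param(
    [ValidateSet('Prompt', 'Disable')]
    [string]$Mode = 'Prompt',

    # Without -Apply the script only reports what it finds.
    [switch]$Apply
)

$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones = @(
    @{ Id = 1; Name = 'Local intranet' },
    @{ Id = 3; Name = 'Internet' }
)
$valueOf = @{ 'Prompt' = 1; 'Disable' = 3 }
$labelOf = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$desired = $valueOf[$Mode]

foreach ($zone in $zones) {
    $path = "$zonesRoot\$($zone.Id)"

    # A missing key or value means the zone is running on IE's built-in default.
    $current = $null
    if (Test-Path -Path $path) {
        $item = Get-ItemProperty -Path $path -Name '1400' -ErrorAction SilentlyContinue
        if ($item) { $current = [int]$item.'1400' }
    }

    if ($null -eq $current) {
        $state = 'not set (zone default applies)'
    } elseif ($labelOf.ContainsKey($current)) {
        $state = $labelOf[$current]
    } else {
        $state = "unrecognised value $current"
    }

    # The workaround is in place only when scripting is set to Prompt or Disable.
    $hardened = ($null -ne $current) -and (@(1, 3) -contains $current)

    $changed = $false
    if ($Apply -and $current -ne $desired) {
        if (-not (Test-Path -Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        Set-ItemProperty -Path $path -Name '1400' -Value $desired -Type DWord
        $changed = $true
    }

    # One result row per zone, so the output can be piped to Format-Table or Export-Csv.
    [pscustomobject]@{
        Zone           = $zone.Name
        Before         = $state
        HardenedBefore = $hardened
        Requested      = $Mode
        Changed        = $changed
    }
}
```

Run it without `-Apply` first to see the current state. Restart Internet Explorer after applying, and note that zone settings enforced through Group Policy take precedence over these per-user values.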

Use of an anti-virus software package like Trend Micro Titanium or Trend Micro Worry-Free Business Security which has the ability to watch web traffic is HIGHLY recommended. And of course, you could use an alternative browser, such as Google Chrome, or Mozilla Firefox…  Many firewalls and security appliances from vendors like Cisco, WatchGuard and SonicWALL have the ability to block this type of traffic as well.

If you have questions or concerns about your personal computer or an entire business network in the Greenville / Upstate, SC area, please call 864.990.4748 or email info@homelandsecureit.com


Browser Logos

Browser Wars!

I normally don’t weigh in on the browser wars, as each browser has its own place. For instance, there simply is no replacement for Microsoft Internet Explorer if you want near 100% compatibility with every site in the world.

Obviously, each alternate browser has a strong point, such as speed, or installation size, or security, but each browser also has downsides that sometimes keep people, especially administrators from adopting something other than IE.

One such downside is that in many cases, for an administrator to deploy an alternative browser such as Mozilla Firefox, or Google Chrome, they have been forced to install at each machine, and for each user of that machine, or employ little “tricks”. Once installed, they then have an update and management issue where they don’t know why Bob’s browser doesn’t have the same extensions as Mary’s browser without checking it out (remotely or physically visiting the machine generally because it is faster than actually talking to Bob) to resolve the situation.

Recently Google has created a new installer designed for enterprise use. It allows a system administrator to utilize Active Directory in a Microsoft Windows Server 2008 R2 corporate domain to push the browser out to PCs (Windows XP Professional, Windows 7 Pro), control which extensions are used, lock down a proxy server, ensure all installations are up to date, etc. Policies control many factors (the list can be found here).

If you would like to check out Google Chrome, it can be downloaded from http://www.google.com/chrome/eula.html?msi=true

Google Chrome may not be able to replace all aspects of IE, however, from the looks of it, it would appear that they are trying.

Should you need more information about the security or features of this browser, or how you can implement it site-wide at your organization, you can call upon us at 864.990.4748 in Greenville / Upstate SC, or email info@homelandsecureit.com

Homeland Secure IT Alert for Friday, December 31, 2010

An advisory from Microsoft (http://www.microsoft.com/technet/security/advisory/2488013.mspx) released today reveals a new, potentially dangerous vulnerability in Internet Explorer.

Here is an excerpt from that site:

Microsoft Security Advisory (2488013)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: December 22, 2010 | Updated: December 31, 2010

Version: 1.1

General Information

Executive Summary

Microsoft is investigating new, public reports of targeted attacks attempting to exploit a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and mitigations for this issue.

The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution.

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

Mitigating Factors:

Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems helps to limit the impact of currently known exploits. An attacker who successfully exploits this vulnerability would have very limited rights on the system.
By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.
By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls, reducing the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.
An attacker who successfully exploits this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

This SHOULD be the last security advisory for the rest of the year!!! Happy New Year!


Homeland Secure IT Alert for Tuesday October 12, 2010

 

Well folks, we have a boat load of updates this go ’round….

These updates affect Microsoft Office on both Microsoft Windows and Microsoft Macintosh operating systems. Then of course there are updates to the Microsoft Windows Operating System itself, and Microsoft Internet Explorer.

The Reader’s Digest version(tm) goes like this – Update your systems and your applications. Failure to do so can result in your system being exploited by “bad guys”.

How this takes place: You or a user on your network is enticed into visiting a malicious website, opening a malicious email, etc., and your system becomes compromised, in spite of having quality anti-virus, such as Symantec, Trend, etc. These are flaws in the applications and operating system that MUST be patched in order to afford you the most protection.

If you have issues applying these updates, or have questions, please email info@homelandsecureit.com or call 864.990.4748. We provide computer and network service, support and consultation in the Greenville and Upstate SC area.

If you would like additional information about the updates, please read below at the included email announcements from Watchguard. (We also offer sales, support and consultation for Watchguard).

***

More Security Vulnerabilities Affect Word and Excel
Severity: High
12 October, 2010

Summary:
These vulnerabilities affect: All current versions of Microsoft Office for Windows and Mac (specifically Word and Excel)
How an attacker exploits them: Typically, by enticing you to open maliciously crafted Office documents
Impact: An attacker can execute code, potentially gaining complete control of your computer
What to do: Install the appropriate Office patches immediately, or let Windows Update do it for you.
Exposure:
Today, Microsoft released two security bulletins describing 24 vulnerabilities found in components or programs that ship with Microsoft Office for Windows and Mac — more specifically, Word and Excel. Some of the vulnerabilities also affect the viewers, Office Compatibility Packs, and File Format Converters that ship with each program. Each vulnerability affects different versions of Office to a different extent.

The 24 flaws may affect different components and applications within Office, but the end result is always the same. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

According to Microsoft’s bulletins, an attacker can exploit these flaws using two types of Office documents: Word (.doc) and Excel (.xls). So beware of all unexpected documents you receive with these file extensions.

If you’d like to learn more about each individual flaw, drill into the “Vulnerability Details” section of the security bulletins listed below:

MS10-079: Multiple Word Code Execution Vulnerabilities, rated Important
MS10-080: Multiple Excel Code Execution Vulnerabilities, rated Important

Solution Path
Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

Word update for:

Office XP w/SP3
Office 2003 w/SP3
2007 Microsoft Office System w/SP2
Office 2010
Office 2010 64-bit

Office 2004 for Mac
Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Word Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Microsoft Office Web App
Microsoft Word Web App

Excel update for:

Office XP w/SP3
Office 2003 w/SP3
2007 Microsoft Office System w/SP2

Office 2004 for Mac
Office 2008 for Mac
Open XML File Format Converter for Mac
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

For All WatchGuard Users:
While you can configure certain WatchGuard Firebox models to block Word and Excel documents, some organizations need to allow them in order to conduct business. Therefore, these patches are your best recourse. Temporarily though, you may still want to block these Office documents until you are able to install Microsoft’s patches.

If you want to block Word, Excel, and Works documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .doc and .xls files by their file extensions:

Firebox X Edge running 10.x
How do I block files with the FTP proxy?
How do I block files with the HTTP proxy?
How do I block files with the POP3 proxy?
How do I block files with the SMTP proxy?
Firebox X Core and X Peak running Fireware 10.x
How do I block files with the FTP proxy?
How do I block files with the HTTP proxy?
How do I block files with the POP3 proxy?
How do I block files with the SMTP proxy?
Status:
Microsoft has released Office updates to fix these vulnerabilities.

References:
MS Security Bulletin MS10-079
MS Security Bulletin MS10-080
This alert was researched and written by Corey Nachreiner, CISSP.

A Dozen Windows Updates Plug 15 Security Holes

Bulletins Affect Media Player, .NET Framework, Kernel-Mode Drivers, and More
Severity: High
12 October, 2010

Summary:
These vulnerabilities affect: All current versions of Windows and components that ship with it (also the .NET Framework)
How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network packets, or enticing your users to websites containing malicious media
Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
Exposure:
Today, Microsoft released a dozen security bulletins describing 15 vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.

MS10-075: Media Player Network Sharing Code Execution Vulnerability
Windows Media Player (WMP) is the popular multimedia playback application that ships with Windows. By default, many Windows computers start the Media Player Network Sharing Service, which allows other computers on your network to share media from your computer. However, Windows Vista and 7 do not start this service by default.

According to Microsoft, the Media Player Network Sharing Service that ships with Windows Vista and 7 suffers from a security vulnerability involving the way it handles Real Time Streaming Protocol (RTSP) packets. By sending a specially crafted RTSP packet to a computer with the Network Sharing Service, an attacker can exploit this vulnerability to execute code on that computer under the context of the Network Services account. Though the Network Services account has limited privileges, the attacker could then leverage other vulnerabilities described in this alert to gain complete control of that computer. Typically, Windows only allows computers within your local network to access the Media Player Network Sharing Service, which tends to limit this to an internal threat. Furthermore, neither Vista nor Windows 7 starts this service by default, which further mitigates this attack.
Microsoft rating: Critical

MS10-076: OpenType Font Engine Integer Overflow Vulnerability
Windows ships with an OpenType Font Engine to handle documents, emails, and web pages that contain OpenType fonts. The OpenType Font Engine suffers from an integer overflow vulnerability that has to do with how it handles certain tables within content that contains OpenType fonts. By luring one of your users into visiting a web page, or opening content that contains maliciously crafted OpenType fonts, an attacker could leverage this flaw to gain complete control of that user’s computer.
Microsoft rating: Critical

MS10-077: Code Execution Vulnerability in .NET Framework 4.0
Microsoft’s .NET Framework is an optional Windows component used to help developers create rich web applications, as well as to display said web content. Windows doesn’t ship with it by default, but many users install it. The 64-bit version of the .NET Framework 4.0 suffers from a code execution vulnerability that has to do with how one of its compilers optimizes code incorrectly. By enticing one of your users to a website containing a specially crafted web application, or into running a malicious .NET application, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. As usual, attackers could gain complete control of the computer if the user has local administrative privileges.
Microsoft rating: Critical

MS10-073: Windows Kernel-Mode Drivers Elevation of Privilege Vulnerabilities
The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from multiple elevation of privilege vulnerabilities. Though these flaws differ technically, they share the same scope and impact. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of these flaws. That said, despite the lower severity of these flaws, attackers have exploited one of them in the wild — specifically, within the Stuxnet worm, which has received significant media attention.
Microsoft rating: Important

MS10-078: OpenType Font Format Driver Elevation of Privilege Vulnerability
The OpenType Font format driver is another component Windows uses to handle OpenType fonts. The OpenType Font format driver suffers from two elevation of privilege vulnerabilities involving its inability to handle specially crafted OpenType fonts. These flaws are similar in concept to the OpenType Engine flaw described above, except that an attacker needs to locally log into a vulnerable Windows machine, and execute a specially crafted program in order to exploit these flaws. Assuming the attacker can gain access to one of your Windows computers, his malicious program could then leverage either of these flaws to gain complete control of that computer. Granted, these vulnerabilities only affect XP and Server 2003.
Microsoft rating: Important

MS10-081: Common Control Library Buffer Overflow Vulnerability

Windows ships with a library of functions called the Common Control Library (Comctl32.dll), which helps it create the interactive windows it’s known for. This Common Control Library suffers from a heap buffer overflow vulnerability having to do with how it handles Scalable Vector Graphics (SVG) passed to it from 3rd party applications. By enticing your user to a website containing specially crafted code, an attacker could exploit this flaw to execute code on that user’s computer, with that user’s privileges. As usual, attackers could gain complete control of the computer if the user has local administrative privileges.
Microsoft rating: Important

MS10-082: Media Player Code Execution Vulnerability
As mentioned earlier, Windows Media Player (WMP) is the popular multimedia playback application that ships with Windows. Windows Media Player suffers from a second code execution vulnerability that has to do with how it handles web-based media. By enticing one of your users to a website containing specially crafted media, an attacker could gain complete control of that user’s computer. However, the user would have to click through at least one pop-up dialog from the website in order for this attack to succeed. This significantly reduces this flaw’s severity (compared to the first Media Player flaw, which requires no user interaction at all).
Microsoft rating: Important

MS10-083: WordPad and Windows Shell COM Object Code Execution Vulnerability
WordPad is a very basic word processing program and text editor that ships with Windows, and the Windows Shell is the primary GUI component for Windows. Both of these Windows components suffer from a flaw having to do with how they handle COM objects. Without going into technical detail, if an attacker can either entice you to a specially crafted web page, trick you into opening a malicious document with WordPad, or lure you into interacting with a malicious shortcut, he could leverage this flaw to execute code on your computer with your privileges. If you are a local administrator, the attacker would gain total control of your computers.
Microsoft rating: Important

MS10-084: LPC Buffer Overflow Vulnerability

Remote Procedure Call (RPC) is a protocol Microsoft Windows uses to allow one computer on a network to execute a task on another computer and then receive the results of that task. Windows RPC also includes a Local Procedure Call (LPC) component, which Windows uses to exchange messages between local processes and threads. The Windows LPC component suffers from a buffer overflow vulnerability involving its inability to handle specially crafted LPC requests. By running a specially crafted program, a local attacker could leverage this flaw to execute code under the context of the Network Services account. Though the Network Services account has limited privileges, the attacker could then leverage other vulnerabilities described in this alert to gain complete control of that computer. However, by their very nature, LPC calls are only sent locally. That means the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw. Furthermore, this flaw only affects XP and Server 2003.
Microsoft rating: Important

MS10-085: SChannel DoS Vulnerability

The Secure Channel (SChannel) is a Windows security package that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) authentication protocols. According to today’s bulletin, SChannel suffers from a Denial of Service (DoS) vulnerability involving the way it handles specially crafted SSL/TLS handshake requests. By sending an SSL-enabled web server specially crafted requests, an attacker could leverage this flaw to cause your server to stop responding. You’d have to reboot the server to resume service. However, this flaw obviously only affects servers accepting incoming SSL connections — typically IIS web servers with secure pages. Unless you have such servers, and you have allowed the SSL connections through your firewall, you are not vulnerable to this attack.
Microsoft rating: Important

MS10-074: Microsoft Foundation Class Code Execution Vulnerability

Windows ships with a library of functions called the Foundation Class Library, which developers can use to write programs implementing many of Windows’ basic OS and GUI functions. In short, the Foundation Class Library suffers from a vulnerability that has to do with how it handles window titles. If your computer has a 3rd party application that was created using the Foundation Class Library, and that application allows some way for user input to change a windows title, and an external attacker can somehow manipulate the input in a way to change the windows title, he could exploit this flaw to execute code on your computer, with your privileges. As you can tell, that is a lot of “ifs.” Microsoft has established that none of their software is vulnerable to this flaw. So you are only affected by it if you have installed some 3rd party application that was coded in a very specific way. This flaw poses a very low risk.
Microsoft rating: Moderate

MS10-086: Shared Cluster Disk Tampering Vulnerability

Microsoft Cluster Server (MSCS) is a Windows component that allows you to cluster servers and disks. MSCS incorrectly sets permissions when adding new disks to a disk cluster. As a result, an internal attacker that can remotely access the file system of a cluster disk administrative share will have full control of that share, regardless of his privilege. However, usually only users on the local network will have access to disk shares. The flaw only affects Windows Server 2008 R2.
Microsoft rating: Moderate

Solution Path:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

MS10-075:

For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows 7
For Windows 7 x64
Note: Other versions of Windows are not affected by this vulnerability.

MS10-076:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *
For Windows Server 2008 R2 Itanium

* Note: Server Core installations not affected.

MS10-077:

Microsoft .NET Framework 4.0 Update for all 64-bit versions of Windows.

MS10-073:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2)
For Windows Server 2008 x64 (w/SP2)
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64
For Windows Server 2008 R2 Itanium

MS10-078:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
Note: Other versions of Windows are not affected.

MS10-081:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *
For Windows Server 2008 R2 Itanium

* Note: Server Core installations not affected.

MS10-082:

All versions of Windows Media Player for:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *

* Note: Server Core installations not affected.

MS10-083:

Updates for WordPad:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *
For Windows Server 2008 R2 Itanium

Updates for Windows Shell:

For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *
For Windows Server 2008 R2 Itanium

* Note: Server Core installations not affected.

MS10-084:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
Note: Other versions of Windows are not affected.

MS10-085:

For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2)
For Windows Server 2008 x64 (w/SP2)
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64
For Windows Server 2008 R2 Itanium
Note: Other versions of Windows are not affected.

MS10-074:

For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
For Windows 7
For Windows 7 x64
For Windows Server 2008 R2 x64 *
For Windows Server 2008 R2 Itanium

* Note: Server Core installations not affected.

MS10-086:

For Windows Server 2008 R2 x64
For Windows Server 2008 R2 Itanium
Note: Other versions of Windows are not affected.

For All WatchGuard Users:
Attackers can exploit these flaws using diverse exploitation methods. A properly configured firewall can mitigate the risk of some of these issues (the ones that rely on access to local resources). That said, the Firebox cannot protect you from local attacks, nor can it prevent attacks that leverage normal HTTP traffic. Therefore, installing Microsoft’s updates is your most secure course of action.

Status:
Microsoft has released patches correcting these issues.

References:
Microsoft Security Bulletin MS10-073
Microsoft Security Bulletin MS10-074
Microsoft Security Bulletin MS10-075
Microsoft Security Bulletin MS10-076
Microsoft Security Bulletin MS10-077
Microsoft Security Bulletin MS10-078
Microsoft Security Bulletin MS10-081
Microsoft Security Bulletin MS10-082
Microsoft Security Bulletin MS10-083
Microsoft Security Bulletin MS10-084
Microsoft Security Bulletin MS10-085
Microsoft Security Bulletin MS10-086

This alert was researched and written by Corey Nachreiner, CISSP.

Cumulative IE Patch Fixes Ten New Security Flaws

Severity: High
12 October, 2010

Summary:

  • This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows
  • How an attacker exploits it: Usually, by enticing one of your users to visit a malicious web page
  • Impact: Various, in the worst case an attacker can execute code on your user’s computer, potentially gaining complete control of it
  • What to do: Deploy the appropriate Internet Explorer patches immediately, or let Windows Automatic Update do it for you

Exposure:
In a security bulletin released today as part of Patch Day, Microsoft describes ten new vulnerabilities in Internet Explorer (IE) 8.0 and earlier versions, running on all current versions of Windows (including Windows 7 and Windows Server 2008). Microsoft rates the aggregate severity of these new flaws as Critical.

The ten vulnerabilities differ technically, but four of the most serious ones share the same general scope and impact. These four issues involve various memory corruption flaws having to do with how IE handles certain HTML elements and objects. If an attacker can lure one of your users to a web page containing malicious web code, he could exploit any one of these four vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges. In that case, the attacker could exploit these flaws to gain complete control of the victim’s computer.

The remaining vulnerabilities consist of Cross-Site or Cross-Domain Scripting (XSS) flaws and some Information Disclosure issues.

Keep in mind, today’s attackers often hijack legitimate web pages and booby-trap them with malicious code. Typically, they do this via hosted web ads or through SQL injection and XSS attacks. Even recognizable and authentic websites could pose a risk to your users if hijacked in this way.

If you’d like to know more about the technical differences between these flaws, see the “Vulnerability Information” section of Microsoft’s bulletin. Technical differences aside, the memory corruption flaws in IE pose significant risk. You should download and install the IE cumulative patch immediately.

Solution Path:
These patches fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you. By the way, Microsoft no longer supports Windows 2000 and IE 5.x. If you still run a legacy version of IE or Windows, we highly recommend you update in order to get the latest security updates.

Internet Explorer 6.0
For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
Internet Explorer 7.0
For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Server 2003 Itanium (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows Server 2008 Itanium (w/SP2)
Internet Explorer 8.0
For Windows XP (w/SP3)
For Windows XP x64 (w/SP2)
For Windows Server 2003 (w/SP2)
For Windows Server 2003 x64 (w/SP2)
For Windows Vista (w/SP1 or SP2)
For Windows Vista x64 (w/SP1 or SP2)
For Windows Server 2008 (w/SP2) *
For Windows Server 2008 x64 (w/SP2) *
For Windows 7
For Windows 7 x64
For Windows Server 2008
For Windows Server 2008 x64

* Note: These flaws do not affect Windows Server 2008 administrators who installed using the Server Core installation option.

For All WatchGuard Users:
These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.

Status:
Microsoft has released patches to fix these vulnerabilities.

References:
MS Security Bulletin MS10-071

This alert was researched and written by Corey Nachreiner, CISSP.

***
 


Trend Micro Browser Guard

Trend Micro Browser Guard can protect you from "Zero Day" Exploits

Our friends at Trend Micro Labs are watching out for you, even if you opt to not purchase their incredible anti-virus software!

If you are using Internet Explorer 6, 7, or 8, you could fall victim to what is known as a “zero day exploit”, which is simply a hole that the bad guys find, and for which they devise and deploy a means of taking advantage of that security flaw before the good guys can prepare for it.

The easiest application to exploit is Microsoft IE, because it is the most popular browser currently, and we just can’t stop clicking on links. We are addicted to clicking every link we find, and should one of those be a malicious site, we run the risk of becoming a victim if we do not have the latest patches, and sometimes with these zero day exploits, there IS NO PATCH.

Browser Guard 2010 from Trend Micro may help prevent your IE from leading you into trouble. As mentioned, it is a free download and works with IE 6, 7 and 8. If you are using an x64 (64 bit) system, you are out of luck though.

The following is extracted from their site:

Trend Micro Browser Guard is an easy to use browser plug-in, which prevents known and unknown web threats. Zero-day attacks such as Aurora and Hydraq can be proactively blocked by Browser Guard, which detects and prevents behavior associated with these types of threats.

Cybercriminals often use malicious JavaScript inserted into web pages, where attacks can take place silently, without any visible effect. Browser Guard also protects you from such attacks by analyzing and subsequently blocking malicious JavaScript. For the most advanced and efficient detection, Browser Guard communicates with the Trend Micro Smart Protection Network, bringing you the latest protection when you surf the web.

Key Benefits

  • Protects against zero day exploits
  • Detects buffer-overflow and heap-spray attacks
  • Protects against execution of shell code
  • Analyzes and protects against malicious JavaScript
  • Connects with Trend Micro Smart Protection Network to maximize detections

CLICK HERE to go to the Trend Micro Browser Guard page.

If you are using Chrome, Firefox or another alternative browser, you can still become a victim, just not as easily due to the fact that these browsers are not being targeted as frequently.

If you have questions or require assistance, please call 864-990-4748 or email info@homelandsecureit.com – We offer affordable and fast virus removal and cleanup in Greenville / Upstate SC (If you suspect you have a virus, click here, then select the free online scan)
