Turkish Hacker Hijacks Hotmail.co.il and MSN.co.il

A few hours back, the Israeli Hotmail and MSN webpages were hijacked by a Turkish hacker to display a pro-Palestinian message. According to Softpedia, the nameservers and administrative email addresses were changed. Instead of redirecting to the usual login.live.com and il.msn.com, the viewers were redirected to the page pictured below.


Microsoft has regained control of the respective domain names and both the sites are currently operating normally. Microsoft has yet to respond to the hijacking and for now, the method used by the hacker to pull off this feat remains unknown. The most obvious possibility is that he used stolen credentials. However, the KISS philosophy doesn’t always work. If you have any idea, don’t hesitate to share it with us.

Comodo Offers Comodo Internet Security for Free to Those Who Can’t Afford It

In the recent past, Comodo has been bashed left, right and center for a multitude of reasons (mainly its business practices). However, that doesn’t change the fact that Comodo Internet Security suite is one of the best premium malware protection suites available in the market.

The premium edition would normally set you back by $49.99 per year. However, Comodo is offering a free one year license of Comodo Internet Security to anyone who can’t afford to pay for it. All you have to do is sign up at the official forums and request a license key.

Here is the message posted by Melih Abdulhayoglu, CEO of Comodo:

There are many out there who might be able to gather enough to buy a computer but not have enough to buy security or even have access to general help with computers.

I believe access and exposure to computers are vital to the future of human race. So anyone who can’t afford to have Security or a geek to help with stuff, pls PM me with your details, and we will be more than happy to provide 1 year worth of full CIS Complete and GeekBuddy at no cost!

but please only genuine requests.

Bill: Stop PMing me…you own bloody Microsoft, you can easily afford $69 a year!!!

PS: if you are a school that can’t afford security, or charity, or an organisation doing good work for the community, pls feel free to PM me or any one of our Moderators for this too.



Google Enables Encrypted Search Using SSL or HTTPS

Secure Sockets Layer, commonly known as SSL, is a standard for protecting data from being read by third parties and has been in use for a long time. You might not be accustomed to seeing https on regular sites, but you will have come across it on a banking website.

To add to that, you can now also start searching securely using Google, thanks to the introduction of their new encrypted Google web search feature accessible at https://www.google.com

Google SSL Encrypted Search Beta

The search experience between the regular search engine and the encrypted search engine will almost remain the same, except for the fact that people will not be able to snoop in on what you are searching while using the encrypted search. A visible change users will see when using the encrypted search is the new logo as you will see in the image above.

So the next time you are thinking of searching for something and don’t want your neighborhood friendly salesman to know what you searched for, head over to https://www.google.com.

For more information on this, visit the official Google Blog post.

Quickly Scan Any File with 40 Different Antivirus Engines

There are several online services that will allow you to check files for viruses or malware by uploading the files from your computer. One reason you might use one of these services is that you have downloaded a new program and you want to know if it’s safe to install on your computer. One of the services that I use most often is called Virus Total.

Virus Total is a free, independent service that will analyze uploaded files with around 40 different antivirus engines. Here is the current list:

AhnLab (V3)
Antiy Labs (Antiy-AVL)
Aladdin (eSafe)
ALWIL (Avast! Antivirus)
Authentium (Command Antivirus)
AVG Technologies (AVG)
Avira (AntiVir)
Cat Computer Services (Quick Heal)
ClamAV (ClamAV)
Comodo (Comodo)
CA Inc. (Vet)
Doctor Web, Ltd. (DrWeb)
Emsi Software GmbH (a-squared)
Eset Software (ESET NOD32)
Fortinet (Fortinet)
FRISK Software (F-Prot)
F-Secure (F-Secure)
G DATA Software (GData)
Hacksoft (The Hacker)
Hauri (ViRobot)
Ikarus Software (Ikarus)
INCA Internet (nProtect)
K7 Computing (K7AntiVirus)
Kaspersky Lab (AVP)
McAfee (VirusScan)
Microsoft (Malware Protection)
Norman (Norman Antivirus)
Panda Security (Panda Platinum)
PC Tools (PCTools)
Prevx (Prevx1)
Rising Antivirus (Rising)
Secure Computing (SecureWeb)
BitDefender GmbH (BitDefender)
Sophos (SAV)
Sunbelt Software (Antivirus)
Symantec (Norton Antivirus)
VirusBlokAda (VBA32)
Trend Micro (TrendMicro)
VirusBuster (VirusBuster)

They keep those engines up to date with the latest virus signatures, and they also offer detailed results from each engine in their reports. Virus Total is available in nearly two dozen languages.

To use this service, you simply visit the web page, click on the file upload button, select the file and wait for it to upload. Once the file is uploaded, you will often have to wait a few minutes for the scan results to appear. If you think that sounds pretty easy to do, you are correct. However, Virus Total now offers an even easier method, the Virus Total Uploader.

After you install the Virus Total Uploader [Windows Only] on your PC, you can right click on a file, then Send to the Virus Total site.


After a few seconds, your web browser will open up to show you the results of the antivirus tests from Virus Total.

That’s not the only trick that the Uploader has for you. When you launch it from your Start menu, you’ll see three other upload options in its interface:


  • upload a file by choosing its process name
  • select a file by browsing to its location
  • type in the URL of a file on the web

Go to the Virus Total Uploader page to get it.

Techie Buzz Verdict:

Having a good antivirus program installed on your PC is a must have. The ability to double check files using 40 different antivirus engines is not required, but it sure is nice to have. If you’d like to try this application, I recommend it.


Techie Buzz Rating: 4/5 (Excellent)

Opera 10.53 Released – Fixes Highly Critical Security Vulnerability

Opera Software has pushed through another update to its desktop browser. Opera 10.53 is expected to be officially released tomorrow and is a recommended security and stability update.

Opera 10.53 fixes a possibly highly critical vulnerability, which was pointed out by Secunia. This vulnerability affects Opera 10.52 for Windows and may be used by hackers to execute malicious code. This release also fixes a few other issues including freeze-ups on Google Maps. It is not clear as to what has changed in Opera 10.53 for Mac.

In related news, Opera has also released a Beta Release Candidate i.e. a build that is almost as good as Beta, for UNIX. Although this build has some known issues including lack of support for Java and font issues with certain TrueType fonts, it is generally considered good enough for everyday use. Download it if you love to test new products, but don’t use it as your only browser.

[ Download Opera 10.53 for Windows and Macintosh ]
[ Download Opera Snapshot for UNIX ]

Trojan Horse Poses As Google Chrome Extension

Within a fairly short time, Google Chrome has managed to make a name for itself. Its impressive performance coupled with Google’s aggressive promotion has allowed it to zoom past Opera and Safari. However, fame always comes with a price to pay.

The increased adoption of Chrome has prompted malware developers to focus their attention on Google Chrome. According to BitDefender, there is already at least one piece of malware that is specifically targeted at Chrome users.


The trojan in question spreads through unsolicited emails, which lure unsuspecting users by promising better e-mail management features in Chrome. Once a user clicks on the supplied link, he is taken to a look-alike of the official Google Chrome extensions page, which serves an executable file (.exe) that spreads the infection.

It is worth noting that the malware does not directly exploit Google Chrome. Instead, it just uses it as a vehicle for fooling gullible users. The lesson in this case is simple: always pay attention to what you are downloading and where you are downloading it from.

Conficker Worm Owns The World’s Largest Cloud Network

Cloud computing is quite the buzzword these days. Both Google and Microsoft have acknowledged its importance and have introduced multiple cloud related services over the past year. However, neither of them owns the world’s largest cloud network. No, it is not Amazon either. According to ReadWriteWeb, it is Conficker.

Conficker controls 6.4 million computer systems in 230 countries, more than 18 million CPUs and 28 terabits per second of bandwidth. Among the legitimate entities, Google is the largest, followed by Amazon. Google is made up of an estimated 500,000 systems, 1 million CPUs and 1,500 gigabits per second (Gbps) of bandwidth.

Conficker was first spotted in 2008 and quickly went on to become one of the most notorious worms in history. It was not the most dangerous worm ever seen. However, the lengths to which it went to avoid detection and disinfection made it remarkable.

Conficker remains an enigma. Thanks to the massive botnet under its control, Conficker can unleash havoc, if it ever wishes to. Yet, to this day, it has remained largely silent. It is quite possible that Conficker became too large for its own good and the intense spotlight made the entire operation too risky for the owner.

Microsoft Internet Explorer’s XSS Filter Can Be Abused to Execute Cross-site Scripting Attacks

Oh the irony! Internet Explorer’s XSS filter, which was designed to prevent cross-site scripting attacks, can be exploited to carry out attacks that wouldn’t have been possible otherwise.

XSS or cross-site scripting is a type of vulnerability that allows malicious attackers to inject client-side script into web pages. A successful XSS attack can even allow the attacker to gain unrestricted access to the user’s personal profile and other sensitive information.

The IE8 XSS Filter vulnerability affects almost every website that lets users create profiles. Google.com, Wikipedia.org and Twitter.com are some of the high profile sites, which are affected by this attack.

According to Jerry Bryant, a spokesman for Microsoft’s security response team, most of the problems were fixed in the MS10-002 security patch, which was issued earlier this year. MS10-018 cumulative security update for Internet Explorer made further changes to the XSS filter to reduce the security implications. However, not all of the issues have been fixed. Some websites like Google have begun to proactively disable the XSS filter. Until the issue is completely taken care of by Microsoft, regular Internet Explorer users may be better served by switching to an alternate browser.

Microsoft Finally Fixes Internet Explorer Zero-Day Flaw – Patches 9 Other Vulnerabilities Along With It

As expected, Microsoft has released an out-of-band update to fix critical vulnerabilities present in all versions of Internet Explorer. This cumulative update includes as many as ten patches, including one for the critical Iepeers.dll vulnerability discussed earlier.

The aforementioned vulnerability is currently being widely exploited by hackers to infect systems through drive-by downloads. In other words, if your system is unpatched, simply visiting a compromised website is sufficient to get infected.


This is the second time this year that Microsoft has been forced to issue an out-of-band update. Earlier in January, it had issued an unscheduled update to fix a vulnerability, which was exploited in Operation Aurora. Microsoft Security Response group manager Jerry Bryant said, “Releasing the update early provides Internet Explorer 6 and 7 customers protection against the active attacks and provides users of all versions of Internet Explorer protection against nine other vulnerabilities”.

As mentioned earlier, this update applies to all versions of Internet Explorer. Most of the patched issues are critical or important. This patch does not, however, fix the vulnerability that was exploited in the recent Pwn2Own competition to compromise a fully patched Windows 7 system.

Users who have disabled automatic update can download the appropriate files from here.

How to Find Out Who Is Spying On You

[Windows Only] Today, I found out that my computer at work had a trojan infection. Most of my co-workers would never have noticed the bug, but a little luck and the right tools made my discovery possible. Since I discovered the infection early, I was able to quickly remove the malware. Do you know if evil computers are connecting to your PC? If you really want to find out, I recommend that you try two utilities from NirSoft.

Download and Install:
CurrPorts and IPNetInfo are both portable applications that are offered as ZIP files. You can unpack these ZIP files anywhere on your hard drive or even onto a flash drive to use them. CurrPorts and IPNetInfo work best if you put the files from both programs into the same folder. After I downloaded and unpacked them, I ended up with the following files in my CPorts folder.


Run CurrPorts:
You can run CurrPorts by launching the cports.exe file. It will scan your computer and display a list of processes on your PC that are using the network and internet connections. The list contains the following columns of information on each connection.

Process Name *
Process ID
Local Port
Local Port Name
Local Address
Remote Port
Remote Port Name
Remote Address *
Remote Host Name
Process Path *
Product Name
File Description
File Version
Process Created On
User Name
Process Services
Process Attributes
Added On
Module Filename
Remote IP Country
Window Title

Search the information:
The most important columns to pay attention to are the columns described below.

Process Name is the name of the program or service on your PC that is making the connection.

Process Path tells you where the program or service is located on your hard drive. It’s important to know this location if you suspect that you have a spyware, virus or trojan infection.

Remote Address is a set of numbers that is often called the “IP Address”. This address is needed to identify the computers connected to you by the internet.

Many of the connections you’ll see won’t even have a remote address and you don’t have to pay as much attention to them. In order to unclutter the list and concentrate on the remote IP addresses, you can use the Options menu and uncheck the item labeled “Display Items without Remote Address”.


Identify WHO IS connecting:
Now that you have some IP addresses displayed, you can find out more about them by using NirSoft’s IPNetInfo utility. When you right click on any remote address shown in CurrPorts, you can find out more about it by choosing the IPNetInfo option. IPNetInfo will pop up and give you the WHOIS information if it’s able to.


Here’s an example of the WHOIS info for a Google page in Internet Explorer.


IPNetInfo.exe can be run all by itself by launching the ipnetinfo.exe file. When it’s running this way, you will have to paste in the IP Addresses manually to initiate WHOIS searches.

Stop the Spies:
Once you’ve identified all the owners of those remote IP addresses, you should have a better idea about who they are. You can usually find out more about them by using the company name in an internet search. If you are still suspicious that the IP addresses you are seeing are from the bad guys, you can check in several places to find out if they are on a watch list. I recommend that you search for malicious addresses at hpHosts. Just paste the remote IP address into the search box.

If you’ve identified a connection you don’t want, you can right click on entries in CurrPorts and either “Close” the connection or “Kill” the process on your PC. If you have a process running on your machine that continues to connect to IPs that are suspect, you should probably save an HTML report as shown below, then run an Anti-Virus and Anti-Spyware scan. I recommend using MalwareBytes or one of the other good free spyware removers. If that doesn’t do the trick, get some help from one of the Anti-Spyware forums. I always visit Temerc.com’s forums when I need help.

If you wish to ask me about some of your remote connections, you can select one or more items in CurrPorts, click on “View” > “HTML Report – Selected Items”. When the report pops into your web browser, you can copy and paste the information into the comments below this article. You can also save the report from your browser using the File > Save menu.
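
The review steps above (drop rows without a remote address, then look at Process Name, Process Path and Remote Address) can also be run over a saved connection list; the following Python sketch is an added example, not part of the original article and not NirSoft code. It assumes a comma-delimited export whose header row uses the CurrPorts column names listed earlier, the sample rows are constructed, and the list of expected install folders is an assumption that only produces a shortlist for WHOIS lookups, not a verdict.

```python
import csv
import io
import ipaddress
import ntpath
from collections import defaultdict

# Constructed sample data (not from the article). The header names follow the
# CurrPorts column list; the comma-delimited layout is an assumption.
SAMPLE_EXPORT = r"""Process Name,Process ID,Remote Port,Remote Address,Process Path
iexplore.exe,3120,80,203.0.113.10,C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe,1044,,,C:\Windows\System32\svchost.exe
svchost.exe,4488,6667,198.51.100.23,C:\Users\bob\AppData\Local\Temp\svchost.exe
System,4,445,192.168.1.20,
updater.exe,5012,443,203.0.113.77,C:\Users\bob\AppData\Roaming\updater.exe
updater.exe,5012,443,203.0.113.78,C:\Users\bob\AppData\Roaming\updater.exe
"""

# Assumption: programs installed normally live under these folders.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Loopback, link-local and private ranges have no public WHOIS owner to look up.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10")]


def shortlist(export_text):
    """Map each unexpected process path to the remote addresses it talks to."""
    found = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        remote = (row.get("Remote Address") or "").strip()
        path = (row.get("Process Path") or "").strip()
        if not remote:
            continue  # same effect as unchecking "Display Items without Remote Address"
        try:
            ip = ipaddress.ip_address(remote)
        except ValueError:
            continue  # unparsable address cell
        if any(ip in net for net in LOCAL_NETS):
            continue
        # normpath collapses "..", so C:\Windows\..\Temp is not treated as C:\Windows
        if path and ntpath.normpath(path).lower().startswith(EXPECTED_DIRS):
            continue
        found[path or row.get("Process Name", "?")].add(remote)
    return {p: sorted(addrs) for p, addrs in found.items()}


if __name__ == "__main__":
    for path, addrs in shortlist(SAMPLE_EXPORT).items():
        print(path, "->", ", ".join(addrs))
```

A process that borrows a Windows name such as svchost.exe but runs from a Temp folder is exactly the case where the Process Path column matters more than the Process Name column.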


Have a good day and surf safely!