Archive for the ‘Security’ Category

07 Nov

A company named Intego reports that it has found a Trojan Horse for OS X that is actually harmful (earlier OS X attacks and exploits were developed that lacked a malicious payload). According to Intego, the Trojan Horse:

…disguises itself as a video codec that offers access to a pornographic video…and users attempting to install the codec receive a piece of malware classified as a ‘DNS Changer’ which modifies the way OS X handles the DNS requests used to link numerical IP addresses to web URLs.

The tool allows the attackers to redirect web traffic. Users attempting to visit PayPal, eBay or certain banking sites, for instance, will be directed to a phishing website instead.

You will see something like:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

Read more about OSX.RSPlug.A. And just keep in mind that a spokesperson for Symantec suggested that Intego “has a tendency to over-hype things.”

31 Oct

I had forgotten to add SQL injection prevention logic when I integrated and implemented a SQL search function for my employer’s internal ASP.NET app. So in this post, I’m adding it for archival and sharing purposes.

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

BTW, here’s an excellent article about SQL injection on the MSDN site.

1. The first thing you’ll need to do is grab the user’s input from the search textbox; for example:

// Get the user's search input and strip leading/trailing whitespace
string requestString = txtSearch.Text.Trim();

2. Next, you’ll need to add logic to see if the user input contains any of the following:

[image: table of the input sequences to check for]

I added something like this:

// Reject input containing statement separators, quotes, comment markers
// or the xp_ prefix of SQL Server extended stored procedures
if ((requestString.Contains(";")) || (requestString.Contains("'")) ||
    (requestString.Contains("--")) || (requestString.Contains("/*")) ||
    (requestString.Contains("*/")) || (requestString.Contains("xp_")))
{
    // Stop processing and notify user
}
else
{
    // Continue processing and show results
}

3. Build/compile your app, then test it out. If all goes well, you should not get any errors and your web app’s search function should now be SQL Injection-proof.
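As an added example (not the post’s own code), here is the same search written with a parameterised SqlCommand, the standard defence against SQL injection in ASP.NET: the user’s text is bound as a parameter value instead of being concatenated into the SQL, so a search term such as O’Brien that contains an apostrophe is matched rather than rejected. The Products table, its Name column and the connection string are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Hypothetical: the search runs against a Products table with a Name column.
public static class ProductSearch
{
    // Parameterised search: the input reaches SQL Server as a value, never as
    // part of the SQL text, so quotes, comment markers or "xp_" inside it are
    // just characters to match against.
    public static List<string> Search(string connectionString, string requestString)
    {
        var results = new List<string>();
        const string sql =
            "SELECT Name FROM Products WHERE Name LIKE @pattern ESCAPE '\\'";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Escape the LIKE wildcards so "%", "_" and "[" in the user's input
            // are matched literally; the backslash must be escaped first.
            string escaped = requestString
                .Replace("\\", "\\\\")
                .Replace("%", "\\%")
                .Replace("_", "\\_")
                .Replace("[", "\\[");

            cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 200).Value =
                "%" + escaped + "%";

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    results.Add(reader.GetString(0));
            }
        }
        return results;
    }
}
```

Input length can still be capped before the query runs (the parameter is sized to 200 characters here), but that is a usability limit, not what keeps the query safe.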

21 Jun

If you want to use “hard to hack” passwords, use the Password Chart as your compass. You’ll probably want some sort of password manager to auto-fill them for you. ;0)

Go here to check it out. Ciao!

09 May

Phishing is serious business, so a while back I looked around for safeguards to assist me while browsing.

In computing, phishing is a criminal activity using social engineering techniques.[1] Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay and PayPal are two of the most targeted companies, and online banks are also common targets. Phishing is typically carried out using email or an instant message,[2] and often directs users to give details at a website, although phone contact has been used as well.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

And ta-da, I found McAfee SiteAdvisor. Their site states:

We test the Web to help keep you safe from spyware, spam, viruses and online scams.

I’ve been using the Firefox plugin for about a year and so far it works pretty well. When you search with Google, Yahoo! or MSN, SiteAdvisor’s safety ratings appear next to the search results. Also, as you browse the web, a small button on your browser toolbar changes color based on SiteAdvisor’s safety rating for the site you are on.

Take it easy! ;0)

30 Apr

A friend and coworker of mine, Arthur Freyman, told me about a miniature device that provides all the security you’ll ever need out-of-the-box. It’s called Yoggie.

The specs and services it provides look pretty good so far, and, not surprisingly, it runs Linux under the covers.

Just think how cool it would be to take this device along with you on a road trip or when working/surfing at a Starbucks… I think it’s an excellent idea and product from a bird’s-eye view. Unfortunately, neither of us has tried it yet, but one of us will soon.

Here’s a screenshot of the architecture.

If you have one, let me know, and watch for a blog post on this in the not-so-distant future. =0)
