After an embarrassingly long absence I'm back to maintaining my own website, this time
with more modest aspirations.
The main focus will be security, your own computer and your adventures online. That will appear on the main page.
Resources will have programs and web sites to help keep/get you out of trouble. Reading will be an eclectic mix of stuff, and
food will be about my newfound interest in cooking.
Vulnerability Affects Millions of Home Routers
A DNS rebinding vulnerability in millions of routers used in homes
could be exploited to hijack the routers, steal data or redirect
browsing activity. The vulnerability can reportedly be exploited by
tricking users into visiting specially crafted web pages. See SANS NewsBites Vol. 12 Num. 57 for related links
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=12&issue=57&rss=Y
Dangerous Flash Drives
You thought, like most of us, that turning the auto-run feature for removable drives off is sufficient
to keep Worm/Autorun at bay. Well, you are wrong. AVG reports that a recent arrival at their lab came complete with a
valid certificate of Realtek Semiconductor Corp. If that's not scary enough, the delivery system is the
ubiquitous shortcut file .lnk. Check the drive with anything that supports icons (Windows Explorer and every subset of it) and you've been had.
http://viruslab.blog.avg.com/2010/07/dangerous-flash-drives.html
Unpatched PDF Flaw is Being Actively Exploited
from SANS NewsBites Vol. 12 Num. 51 (June 28, 2010)
An unpatched hole in the PDF format is being actively exploited.
Attackers are sending malicious messages that appear to come from
company system administrators and have subject headings regarding
mailbox setting changes. The messages claim the attachments contain
instructions for updating email settings. The attachments instead
infect users' computers with malware known as Auraax or Emold. The
attack exploits PDF viewers' "/Launch" functions to infect computers.
http://www.computerworld.com/s/article/9176088/Major_malware_campaign_abuses_unfixed_PDF_flaw?taxonomyId=208
FTC kills ingenious micro-payment scam: Steal little from lots of people
The US Federal Trade Commission (FTC) is cracking down on a group of
patient cyber thieves who set up phony businesses and merchant accounts
and made millions of small fraudulent charges to over one million
payment cards. How closely did you check your last credit card statement?
http://www.theregister.co.uk/2010/06/28/ftc_micro_payment_scam/
Facebook: How much are you really telling the world?
In their hunt for market dominance, social networks Facebook, Google Buzz, and Microsoft
Live are redefining what social means — and in the process, straining the bounds of personal privacy.
Read the entire article by Scott Mace on Windows Secrets
http://windowssecrets.com/2010/05/20/01-Tighten-your-Facebook-privacy-settings/
or Bob Rankin's piece at http://askbobrankin.com/facebook_privacy_settings.html?tbart
USA is Number One
Kaspersky Labs has issued a report that the US is the number one source of malware, replacing China. Russia came in second, followed by China.
Malicious Code Spreads to More Than 100,000 Web Pages
(June 9, 2010)
Tens of thousands of web pages have been infected with malicious HTML
code that redirects visitors to a web server that tries to download
malware onto their computers. The attacks have compromised web pages
on several high-profile sites, including The Wall Street Journal and The
Jerusalem Post. While researchers do not yet have a definitive answer
as to the nature of the attacks, there is strong suspicion that an SQL
injection attack was used. All the affected web sites appear to be
running Microsoft Internet Information Services Web-server software with
Active Server Pages. The number of affected pages has dropped
significantly since the attack was first detected.
Internet Storm Center: http://isc.sans.edu/diary.html?storyid=8956
http://www.theregister.co.uk/2010/06/09/mass_webpage_attack/
http://www.computerworld.com/s/article/9177904/Mass_Web_attack_hits_Wall_Street_Journal_Jerusalem_Post?taxonomyId=17
From SANS NewsBites Vol. 12 Num. 46
Center for Automotive Embedded Systems Security
The Universities of Washington and California San Diego teamed to form the Center for Automotive
Embedded Systems Security to see if they could wirelessly hack into car security systems. They succeeded in creating a
device able to remotely kill the engine, disable the brakes, sound the horn, control the radio and lock the doors of a
test car. "We believe that car owners today should not be overly concerned at this time."
"What me worry?" For more info http://www.autosec.org/index.html
Safer Online Shopping
"One of the driving forces behind the rapid and widespread adoption of the Web
was online shopping, or e-tailing. Today, just about anything that you can purchase or rent is available
on the Web. Just as earlier generations were initially suspicious of mail-order purchasing, you should
also apply a healthy dose of caution to online shopping and familiarize yourself with the rules of the
road."
Read the entire article in the current SANS Ouch
http://www.sans.org/newsletters/ouch/issue/20100602.php
Five small and essential apps to armor your PC
Protecting yourself from the criminals of the Internet shouldn't cost you a fortune.
In fact, it doesn't have to cost you anything. Read the article in Windows Secrets at
Online Security
Stephen Northcutt, President of the SANS Technology Institute, wrote
recently in response to an article about scareware convictions in SANS NewsBites:
I do not like what I am about to say, but
I do not see an alternative. As you read the related story about online
gaming credentials, and combine that information with many other
disclosures, you will see that we are losing ground to the point that
it is highly probable that everyone reading this note has had their
personal details stolen. The only thing saving us from direct attack is
that there are more stolen identities than the crooks have had time to
exploit, so far. Even if you run NoScript, keep up to date with
patches, etc, when you purchase something using a credit card and that
merchant doesn't have enough security AND that merchant stores your
credentials, your details end up in these massive databases that will
soon have specialized search.
How much security software do you really need?
In Ian "Gizmo" Richards' Windows Secrets Newsletter article (Issue 245 • 2010-05-27)
he states in part:
"Yes, the Internet can be a dangerous place. But use smart computing practices and the right
security products, and you can reduce your risk to very low levels.
Security product vendors want you to believe that the only sure way to ward off malicious Web attacks
is to load your PC to the gunnels with security products — theirs, of course."
Read the entire article at
http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf
Net Safety without the hype
The safety and security of your family while online seems to be under
siege from a barrage of unsavoury influences. Fortunately there are tools and techniques
to help.

Five Ways to Keep Online Criminals at Bay:
A Security Gift to Send On
If you have family and friends who might benefit from some security guidance, you might share this
New York Times article with them. It steers clear of jargon while offering concrete advice about how to manage each
of the issues.
http://www.nytimes.com/2010/05/20/technology/personaltech/20basics.html