Monday, November 30, 2009

Safety "Tip of the Day" 11-30-09

Avoiding Lead in Toys!
(Phoenix, Ariz. - Nov. 25, 2009) Arizona Attorney General Terry Goddard today urged parents and anyone buying toys for children this holiday season to take steps to avoid toys contaminated with potentially dangerous levels of lead.

Last year, the Arizona Attorney General’s Office reached a multi-state settlement with Mattel, Inc. and its subsidiary Fisher-Price, Inc., to protect children from lead in popular toys.
The agreement required Mattel to implement strict new limits on the amount of lead allowed in children’s toys, to notify the state Attorneys General if it finds that lead levels in any of its products exceed state or federal law, and to work with the Attorneys General to remedy any such violations.

Recently, the California Attorney General announced that the following products were found to have excessive lead in violation of California’s Safe Drinking Water and Toxic Enforcement Act of 1986:


- Kids Poncho sold by Walmart, 677 ppm.

- MSY Faded Glory Rebecca Shoes sold by Walmart, 1,331 ppm.

- Reversible Croco Belt sold by Target, 4,270 ppm.

- Dora the Explorer Activity Tote sold by TJ Maxx, 2,348 ppm.

- Paula Fuschia Open-Toed Shoes sold by Sears, 3,957 ppm.

- Disney Fairies Silvermist's Water Lily Necklace sold by Walgreens, 22,000 ppm.

- Barbie Bike Flair Accessory Kit sold by Tuesday Morning, 6,196 ppm.


Following Monday’s recall of more than one million cribs, Goddard also warns consumers to remain cautious when purchasing products for children and offered the following tips to anyone shopping for a children’s product or toy:

o Visit www.recalls.gov <http://www.recalls.gov/> before purchasing children’s products to ensure the item has not been recalled.

o Check the manufacturer’s suggested age restrictions.

o Visit the Consumer Product Safety Commission’s Web site, www.cpsc.gov <http://www.cpsc.gov/> , to sign up for regular recall notice emails.

If you believe you have been a victim of fraud, please contact the Attorney General's Office in Phoenix at 602.542.5763; in Tucson at 520.628.6504; or outside the Phoenix and Tucson metro areas at 1.800.352.8431. To file a complaint in person, the Attorney General’s Office has satellite offices throughout the state with volunteers available to help. Locations and hours of operation are posted on the Attorney General’s Web site at www.azag.gov <http://www.azag.gov/> . Consumers can also file complaints online by visiting the Attorney General's Web site.


Tuesday, November 24, 2009

Security "Tip of the Day" 11-24-09

Microsoft Security Update
Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.
The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.
At this time, we are aware of no attacks attempting to use this vulnerability against Internet Explorer 6 Service Pack 1 and Internet Explorer 7. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
Mitigating Factors:

Internet Explorer 8 is not affected.

Protected Mode in Internet Explorer 7 in Windows Vista limits the impact of the vulnerability.

By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.

Monday, November 23, 2009

Security "Tip of the Day" 11-23-09

Terry Goddard Offers Tips to Avoid Fraudulent Holiday Charitable Appeals
(Phoenix, Ariz. - Nov. 12, 2009) The holiday season is fast approaching, a time of year when many Arizonans give back to their communities. To help ensure a rewarding experience, Attorney General Terry Goddard recommends consumers take the following precautions when making charitable donations:

o Do not pay bills or invoices you have received from charities unless you know you have already made a commitment to support them.

o Be skeptical of anyone asking for a donation by requesting your credit card number or bank account information over the phone unless you already donate to that charity.

o Don’t be shy about asking what percentage of your donation will go directly to the charity versus what percentage will go toward administrative costs.

o Remember to ask for a receipt and a statement that the contribution is tax deductible.

o Call the Secretary of State's Office at (602) 542-4285 or visit their Web site, www.azsos.gov <http://www.azsos.gov/> , to make sure the charity is registered with the Secretary of State.
A charity that operates without such registration is violating the law and should be a red flag for consumers. Be aware, however, that registration with the Secretary of State does not ensure that all of the charity’s activities are legitimate.

Several Web sites, including www.charitynavigator.org <http://www.charitynavigator.org/>, www.give.org <http://www.give.org/> and www.guidestar.org <http://www.guidestar.org/>, provide information on the financial histories of numerous charities. These can be a useful starting point for consumers looking to research companies to which they are thinking of making donations.

The Attorney General’s Office offers numerous resources to help consumers stay safe this holiday season, including red flags for common holiday consumer scams and resources to make sure the gifts you give are safe and age appropriate. New information will be released each week throughout the holiday season and is available at the Attorney General’s Web site, www.azag.gov <http://www.azag.gov/> .

If you believe you have been a victim of fraud, please contact the Attorney General's Office in Phoenix at 602.542.5763; in Tucson at 520.628.6504; or outside the Phoenix and Tucson metro areas at 1.800.352.8431. To file a complaint in person, the Attorney General’s Office has satellite offices throughout the State with volunteers available to help. Locations and hours of operation are posted on the Attorney General’s Web site at www.azag.gov <http://www.azag.gov/> . Consumers can also file complaints online through the Web site.

Friday, November 20, 2009

Computer "Tip of the Day" 11-20-09

Anyone in Health Net?
--Lost Hard Drive Holds Seven Years of Health Net Patient Data (November 19, 2009) A hard drive containing personal and medical information of 1.5 million Health Net customers was lost in May, but the loss was not disclosed until earlier this week. The drive contains unencrypted Social Security numbers and medical information dating back to 2002; the breach affects customers in Arizona, Connecticut, New Jersey, and New York. Connecticut Attorney General Richard Blumenthal is investigating why the company waited six months to disclose the device's loss. Health Net, which is based in California, is also investigating the incident. The company will send out breach notification letters to affected customers the week of November 30.
http://www.wired.com/threatlevel/2009/11/healthnet
http://www.courant.com/health/hc-healthbreach1119.artnov19,0,1798384.story
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1374839,00.html
http://www.computerworld.com/s/article/9141172/Health_Net_says_1.5M_medical_records_lost_in_data_breach?source=rss_security
http://healthnet.tekgroup.com/press_kits.cfm?presskit_id=13

Thursday, November 19, 2009

Computer "Tip of the day" 11-19-09

What is spyware?

Despite its name, the term "spyware" doesn't refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as "adware." It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:
* What information is being gathered?
* Who is receiving it?
* How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:
* you are subjected to endless pop-up windows
* you are redirected to web sites other than the one you typed into your browser
* new, unexpected toolbars appear in your web browser
* new, unexpected icons appear in the task tray at the bottom of your screen
* your browser's home page suddenly changed
* the search engine your browser opens when you click "search" has been changed
* certain keys fail to work in your browser (e.g., the tab key doesn't work when you are moving to the next field within a form)
* random Windows error messages begin to appear
* your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

Tomorrow, see: How can you prevent spyware from installing on your computer?

Tuesday, November 17, 2009

Computer "Tip of the Day" 11-16-09

--Flash Flaw Could be Exploited to Upload Malicious Code to Websites (November 12, 13 & 16, 2009) A vulnerability in Adobe Flash can be exploited to upload malicious code to websites. The flaw could also affect other active content, such as JavaScript. Adobe says the flaw is "unpatchable" and that the problem lies in widely used web design practices that are not secure. Adobe director for product security and privacy Brad Arkin noted that "Sites should not allow user uploads to a trusted domain."
http://www.theregister.co.uk/2009/11/13/adobe_flash_wallop/
http://www.scmagazineus.com/researcher-finds-frighteningly-bad-adobe-flash-flaw/article/157734/
http://www.v3.co.uk/v3/news/2253145/researchers-warn-flash-issue
http://www.computerworld.com/s/article/9140768/Flash_flaw_puts_most_sites_users_at_risk_say_researchers
ISC: http://isc.sans.org/diary.html?storyid=7585

Monday, November 9, 2009

Computer "Tip of the Day" 11-09-09

Naked Windows 7 vulnerable to Malware if left in default state.
Sophos did some testing with a retail copy of Windows 7 installed on a clean system. Configuring it to follow the default settings for User Account Control (UAC), and leaving out any anti-Malware protection, Sophos discovered they were able to infect the system with Malware.
“Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7,” Sophos said.
UAC did block one sample, Sophos said, but failed to block anything else. “Lesson learned? You still need to run anti-virus on Windows 7,” wrote Sophos’ Chester Wisniewski.
Chester has a valid point, and the testing was done to prove that Windows 7, when left without layered security, is just as vulnerable as any other Windows operating system, including Vista, which had an infection rate 61.9-percent less than Windows XP according to Microsoft’s latest numbers in their Security Intelligence Report. The problem is that Vista has about a 20-percent market share, while XP is just over 70-percent.
"Chester Wisniewski's observations that, on a clean machine, Windows 7 became infected with eight out of the ten viruses tested sounds bad, but, in our opinion, this is indicative of the sheer volume of code that goes into operating systems today," said Richard Kirk, Fortify's European director.
"When you factor in the issue that there are often more than a million lines of code in a typical Windows application, you begin to understand the scale of the problem for software developers.”
Kirk went on to say that since there are a range of free-to-use anti-Malware applications, as well as a plethora of low-cost pay-for IT security suites available, the problem is not a major one for most Windows 7 users.
The testing by Sophos, as mentioned, showed the exact infection level that can be expected when you use default settings and leave out layered security. Just because Windows 7 added in a good deal to make security easier to use and improved several elements, does not mean it is flawless or bulletproof.

Saturday, November 7, 2009

Thursday, November 5, 2009

Computer "Tip of the Day" 11-05-09

Windows Update. A yellow shield with a black exclamation point in the middle appears near the lower right corner of your desktop, in the Notification area. This icon comes and goes. It appears when Windows Update is busy downloading or installing critical security updates intended to patch security holes and help keep your computer safe. When you touch the icon with your cursor, a bubble message tells you what Auto-Update is doing.
It may be busy downloading updates. Avoid logging off or shutting down your system until the download and installation are complete. If it has finished downloading updates, it may be waiting for the nod from you to install them. Click on the icon and tell it to go ahead. Or your computer may need to be restarted in order to complete the installation. The sooner you restart your system, the sooner the updates will take effect.

Heads-up! The Auto-Update icon won't appear if Automatic Updating is turned off. Make sure Auto-Update is turned on and has the recommended settings:
http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off