Gmail Vulnerable to a Change PW Attack!

Securiteam has made an announcement that Gmail has an issue.  I will quote:

GMail is vulnerable to CSRF attacks in the “Change Password” functionality. The only token for authenticate the user is a session cookie, and this cookie is sent automatically by the browser in every request.

An attacker can create a page that includes requests to the “Change password” functionality of GMail and modify the passwords of the users who, being authenticated, visit the page of the attacker.

The attack is facilitated since the “Change Password” request can be realized across the HTTP GET method instead of the POST method that is realized habitually across the “Change Password” form.

[Via Securiteam]

One way to prevent this to a point is right now having GMAIL automatically connect securely.  You would go into your settings in gmail and make sure it uses https connection:
This is one way to prevent the cookie attack but is still needing to be fixed.   Since it is using the HTTP GET method it should use the HTTPS method as soon as you try accessing the site.   Google needs to change to the HTTPS Get method instead to prevent this type of attack.   If you have any other ideas for Google just leave a comment.

ThePirateBay might be blocked in the US

I was looking around on Google and thought I just for giggles check out the Piratebay complaints. I tried going to the site and here’s what Popups:

I tried on OpenVPN and my Local ISP, It keeps saying that. I then tried on my Cricket Modem and it tells me the connection has been interrupted, like something stops the connection in the first place. I can ping it and I can Tracert the Site but I can’t even view it. I would like to know if Anyone else is having this problem also. Although I’ve not checked Thepiratebay.org complaints for quite some time because I’ve been so busy with my website. If you want to watch your favorite shows check out these sites like Hulu, CBS, NBC, ABC, ABC FAMILY and TNT.TV for free. I am just curious as to what happened and does this have anything to do with Net Neutrality?   Anyway I wanted to talk about this and see what people are saying.  Anyone know what is going on?  Let’s talk about this and help everyone by saying what you know.   I don’t know if Thepiratebay.org is down but I do wonder if someone is preventing people from getting to the website.   I’ll update when I have more information.

Digital Convert boxes for Feburary 17, 2008

It being close to the change over, I’d figure I’d show you some of them and talk about them. To better help people make up there minds on what might be there choice of a Digital Converter Box. This is to help people get the most out of there products.

The Specs for this Converter is:

Zenith DTT901 Digital TV Tuner Converter Box

• Digital TV Tuner Coverter Box
• Analog Pass-Through for Low-Power TV Stations broadcasts
• On-Screen Program Information with Remote Control
• Simple Connection to TV with supplied RF Cable
• Parental Control to Manage TV Programs and advanced Closed Captioning

$59.95 Free Shipping

It could be on sale so check the link for more price options.  I also found this one that is a little more expensive but supposed to be better:
GE 23333 Digital to Analog TV Converter Box

• Smart Antenna Interface
• Simple Setup
• Analog Pass Through
• Dolby(R) Digital Sound
• Receives Over-Air Hdtv Signals

$76.99 Free Shipping

Are you patched, Secunia Says NO

Think you’ve got nothing to worry about, according to Secunia 98% of computers are not fully patched and are vulnerable to some kinda of attack.

So I wanted to talk about this a little and give you a few good ways to make sure you are patched.  There are several ways to get your system up to almost 100%.

Some things to do is make sure you have your Windows systems updated.  This is easy to make sure, if you have an internet connection you can just check for updates.  If you don’t know how to do it, it is quite simple, Just go here.    If you have Windows Vista all you have to do is hit Start and type in the search box “Windows Update” and hit Enter and you will be taken to the update page.

If you have a system that is off of the Net you could use the Clone of Autopatcher Program to do it for you.   You also need to update all your secondary programs such as Audacity, Open Office, and other programs that you use weekly.

Vista To release Service Pack 2 in April 2009

Some sources are reporting that Vista SP2 will be out in April.   According to Engadget they claim TechARP is a bunch of Malaysian Kids that like to boast about how they broke the Vista SP1 and XP SP3 release schedules to the world.  They claim though that Vista Release candidate is to be out around February.Microsoft has indicated that this SP3 will include Windows Search 4, Bluetooth 2.1 wireless support, faster resume from sleep when a wireless connection has been broken and support for Blu-ray.   I personally think it will include some of Windows 7 features to better get people accustomed to Windows 7 when they come out.

Although this is speculation and no hard evidence I think it has some merit due to the fact that Microsoft has admitted in the past that Vista was a big Letdown.  I don’t think they can any more to damage than they have already done.   If anything Windows 7 will be a easy Success if they pull it off in the right way!!!  Although with WIndows 7 be leaked online there is no telling what will happen. I am sure what ever happens will be interesting to say the least!!!

Time to Change your clocks.

Time to change those clocks of ours

Having been looking at one of my old clocks that would automatically change for Daylight Savings Time, I’ve had to keep reminding myself that it is an hour off. Starting tonight at 2 PM, it will be right. So I thought I would help people keep there computer clocks up to date by suggesting some good programs to us to keep your system having the right time.  So people know what dates are being affected according to the Greenwichmeantime they say  this:

Beginning in 2007, Daylight Saving Time is extended one month and the schedule for the states of the United States that adopt daylight saving time will be:

2 a.m. on the Second Sunday in March
to
2 a.m. on the First Sunday of November.

So that saying goes it “Fall back, Spring Forward“  So now here are some great programs to better help you get your computer clock up to snuff:

Worldtimeclock Atomic Clock Sync Program – It is a free program for you to use with your Windows.  Although you have to make sure your selected the right timezone once it is installed all you will need in an internet connection to sync your windows time with the atomic clock.

Bandwidth Tools For Monitoring your bandwidth

<<See Previous Post

So I’ve done some looking around for bandwidth programs.  So here’s what I found so far.  The programs I’ve got listed are not test and are therefore your responsible for any and all use of the programs.

• FreeMeter Bandwidth Monitor For Windows – Monitor network bandwidth (C#.NET 2k/XP+). Desktop and Systray graph. Configurable connection speed, update interval, color, transparency. Monitor any or all network interfaces. Ping/Trace/UPnP utilities. Email notifier (POP/IMAP). Requires .NET 2.0.

• Pipelog – Windows Bandwidth Meter — Pipelog is a Windows bandwidth meter that gives live statistics of accumulated bandwidth usage. It is written in C# and runs on the .NET Framework.

• Windows Service Monitor – Monitor and automatically restart Windows Services with this small Win32 command line utility. Windows Service Monitor (WinSMon) can monitor several services, restart services that stop/fail and limit the number of restart times.

• iptotal — iptotal is an IP traffic monitor. It listens to a network interface in non-promiscuous mode, and measures IP bandwidth usage. After the specified number of seconds, the average throughput is printed at total, input and output usage.