Users had been counselled to delete the chrome.exe file. After the patch had been released, numerous users in Google’s support forum as well as on Twitter talked publicly about the issue. A Microsoft spokeswoman declared that in 3,000 cases, Google Chrome was uninstalled by one of the mentioned security tools.

Google tells users to install the patch fix first, then to reinstall the browser. According to a Google blog post, an update is going to be published fixing the error automatically.

New phishing attacks to Hotmail have recently occured. This is what the security company Trend Micro is reporting.

The phishing e-mail targeted at Hotmail users looks like it was sent by Facebook’s security team. Even viewing the message in Hotmail’s web mailer compromised the system—clicking links within the e-mail was not necessary. According to Trend Micro, the security flaw has been fixed in Hotmail.

The incident shows that web mailers are one of the main targets for hackers at the moment. As soon as they control your inbox, hackers can control your whole communication of both past and future, for example by setting up an e-mail redirection.

John Scarrow, Microsoft Safety Services, declared that there is currently no information that Hotmail customers are victims of phishing attacks similar to the recent Gmail attacks. Nevertheless, the Hotmail team is aware of the danger that spam, phishing and similar scams arise, and takes action against responsible people.

1. Don’t open images, files and links that others send you, even if it is from a friend. Ask the other person what the attachment is about before you receive it.
2. Don’t accept friend requests from people who want to add you, unless you really know them. You want to add a new friend? Send them a request yourselves.
3. Block unwanted messages. Somebody contacts you, but you don’t want to? Block them. Every Messenger contact has a right-click menu.
4. Don’t send out private data via Instant Messaging. Most chat networks, including Windows Live, do not encrypt the sent and received messages. So, avoid sending credit card numbers, your address, phone number, or e-mail address over IM.
5. Use a strong password for your Windows Live ID as well as for the corresponding e-mail account. This makes it harder for attackers to hack into your account.
6. Don’t meet with strangers that you know from online chatrooms or social networking sites only. If you choose to meet nevertheless, take a friend with you and choose a public place as meeting location.
7. Turn off your webcam when you don’t use it. There are malwares accessing your webcam without you knowing about it. So, check that the cam is off when it should be.

Following these simple guidelines, you can stay safe in Messenger. Even with more and more malwares spreading.

It appears that Microsoft is going to release the final version of its free security solution Microsoft Security Essentials 2.0 on December 17, 2010. Back in July, the team had published a first beta of this new antivirus version. In mid November, a second beta was released, however commonly judged as Release Candidate.

In the meantime, development has been finished, so the final Security Essentials 2.0 is going to be published soon. The update brings a set of new features that aim at protecting your computer even better.

For example, while installing the software, you are asked whether you want to turn the Windows Firewall on or off. Furthermore, Security Essentials 2.0 adds a protection against attacks from the web — if you’re using Internet Explorer, that is. Another new feature is the updated anti-malware system that detects and removes bad programs better, and is said to be faster while doing its job.

Lastly, Microsoft has integrated protection against network attacks. You can though only use it with Windows 7 and Vista, as Windows XP does not ship with the necessary Windows Filtering Platform.

In the corresponding spam mail, you might read that there is an update patch available regarding the security problems in Internet Explorer 9 and Firefox 3.x. This patch is said to be compatible with Windows XP, Windows Vista and Windows 7 and would be offered for download via the website microsoft-security.de (closed down in the meantime).

The electronic spam mail also contains a short installation manual. In the first step, recipients should download the mentioned fake “patch”, labeled “patch-web.exe” and launch it by double clicking.

After installing, a system restart is necessary. With friendly regards, the so-called Microsoft Director of Security Assurance, Steve Lipner ends the mail, according to information by the German news portal ‘T-Online’.

Commonly, you should always be alert with such e-mails announcing supposed security updates. You should only download updates from official and serious sources, as security experts recommend.

As the executable is said to be a new trojan, there is currently only rare information about this malicious software available. Experts still need to analyze the malware’s features.

Microsoft’s web mail service Hotmail, part of Windows Live, now supports SSL encryption throughout your session. Before, SSL was only used for the sign-in process. SSL includes encrypting the mails and data sent before they leave the computer you’re using. This helps that nobody in the middle can read what you get in your Inbox neither what you send.

Dick Craddock, Group Program Manager for Hotmail, adds:

Also starting today, SkyDrive, Photos, Docs, and Devices pages all automatically use SSL encryption, transferring all their data over HTTPS. By using a connection with advanced security features, you can be even more confident that your account is safer from hijackers, and your private information is less likely to fall into someone else’s hands.

To enable HTTPS encryption of your Hotmail session, follow these steps:

1. Browse to this Windows Live Account page.
2. If prompted, re-enter your Windows Live password. They ask for it to stop other people from changing your private settings.
3. To enable SSL, click the option Use HTTPS automatically, then click the Save button.
4. Done! Your webmail session is now encrypted.

Full SSL support for Hotmail may also cause problems when calling Hotmail via different domains than “mail.live.com”, or when using beta versions of common browsers, such as Firefox 4 beta.

If you encounter any problems while following the above steps, please leave a note!

Until now, attackers could lock account owners out of their accounts by gaining access to the password (for example by phishing, trojans or unencrypted wireless networks) and changing this password after sign-in. When the true owner did not have any alternate e-mail address on file and forgotten the security question, accessing the e-mail account was not possible anymore.

Now, Microsoft is adding sending of password reset codes via SMS to help users regain control over their accounts in case of emergency. To activate this feature, you have to tell Hotmail your mobile phone number before anything happens. The SMS contains a code that you can use to have your password reset on the recovery pages.

Furthermore, a new feature called “Trusted PC” is added. You can use it to link a specific computer with your Hotmail account and thus helps you to reset the password in case you need to. So, the features are useful for people who keep forgetting their passwords, too.

To protect the new features from being manipulated by intruding people, you cannot change one option without confirming your change by means of a different option. “For example, if your account was already set up with an alternate email proof and you wanted to add a cell phone number as well, you would need to use the alternate email address to do it,” explains John Scarrow, General Manager Safety Services. “This means that even if a hijacker steals your password, they can’t lock you out of your account or create backdoors for themselves. You will always be able to get your account back and kick the hijackers out.”

Finally, Microsoft announced that connections to Hotmail will be encryted with SSL completely, not only the sign-in procedure, like until now.

Instead of forcing users to use complex passwords — many sites and corporate networks do this —, Microsoft focuses on reducing the number of users with the same password. TechnologyReview reports that this should eventually lead to a similarly high security level as complex passwords.

With its approach, Microsoft Research wants to eliminate the need for complex combinations of letters, digits, special characters, upper- and lower case. The trick is to count: How many users are using the same passwords? As soon as this number gets higher than a defined threshold, new users cannot use this password anymore.

With access systems that have very many users, a certain complexity of passwords is ensured, so attackers cannot use commonly used, simple passwords to hack into accounts. Further, dictionary attacks can only be run at a very small level.

The researcher’s goal is an increased usability of login systems without making security worse. Currently, there are no plans yet to implement the research results in Microsoft services. At first, Microsoft wants to get feedback for this concept by security experts.

Users of Windows Live Hotmail should prepare for a change in the coming weeks. As announced, the new version of Hotmail will be available for some 370 million users worldwide gradually. Then, Hotmail awaits you with numerous news: Microsoft has improved the spam filter and watches how you interact with your mail. With filters, you can find mails with attachments, images or videos faster.

For sending big photo albums, Hotmail will offer SkyDrive Web storage and integrating preview thumbnails into the messages. The recipient can then download the photos. With this, you can send up to 200 photos, each one up to 50 MB, per e-mail. Microsoft is also making it easier to use the own, proprietary formats. Office documents attached to an e-mail can be viewed on PC and Mac without installing the corresponding Office application or a viewer.

Microsoft has also improved the security: Each user can use single-use codes for signing in. This allows you to sign in at public computers, for example in an Internet café, without having to enter your login credentials. Your complete Hotmail session is SSL-encrypted, not just during the login phase.

“Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search,” Alan Eustace, Senior Vice President, Engineering and Research, stated on Friday.

This helps you to protect yourself when using Google search. Especially in public hotspots or other publicly accessible local networks, this feature should increase privacy. Google is the first larger search engine operator providing such feature. Normally, SSL connections are limited to security-relevant applications, such as log-ins or online banking, due to the increased consumption of resources.

In the past two years, Microsoft has spent more energy in making Windows Live Hotmail even better. The result proves that these efforts were not in vain. But—what does “better” mean? What is important for a modern e-mail service in 2010 and beyond?

Security

With considerable amounts of spam and phishing mails flooding your inbox each day, it is important that you stay secure. Trusting your mail provider is of essential importance. Hotmail now checks every link that you click within e-mail messages. Even before they reach your inbox, mails are scanned for potentially harmful contents. This is done by the Microsoft Smartscreen filter. When a message is filtered, you will get informed of the reason. Mail from trustworthy senders displays an icon so you can recognize them at first glance.

With the new Hotmail, you will also be able to run your complete session SSL-encrypted. Sign-in is possible not only with user name and password, but also with single-use codes that are delivered e.g. to your cell phone. This increases your account safety in public places, such as airports or Internet cafés.

Easy usage

Hotmail Highlights inform you about your friends and their messages to you, about social news, events and birthdays. One-click filters allow you to scan your Inbox for relevant items, and new Quick Views display messages with attachments, videos or photos.

Removing unwanted mail is about to get easier. Have you ever been irritated by the bunch of messages delivered to you by Social Networks—“John Doe wants to connect with you”? When you are in need to find a certain mail, even newsletters can get into your way easily. With the Sweep feature, you can sort out such mails with a single click, and only your really important correspondence is left over.

Viewing messages in conversations is an good way to read even older messages sent by the same sender—with a simple mouse-over. Unlike the same functionality in Google Mail, in Hotmail you can turn this feature on and off as you need.

Focusing on mail contents

Often, messages you receive request that you take an action. For example, a friend may send you a link to a video on YouTube. Or, you want to take a look at the vacation photos in the Flickr album that your sister has just sent you. With Active Views, you can now watch the video or browse the photo album right from your inbox. Hotmail is also partnering with other companies and services like LinkedIn to provide an interactive experience, letting you take actions inside the email they send.

Access from anywhere

Reading and sending mail from your cell phone is getting simpler, too. If your phone supports Exchange ActiveSync, you can now sync your mail, calendar and contacts with your inbox on the Web. You don’t have to miss the rich functionality of Hotmail on your phone anymore, such as filters, previews, HTML views, reading messages offline, or show/hide message headers.

Integrating your Office

Microsoft Office 2010 is now integrated into Hotmail via SkyDrive, for free. This lets you view and edit Word documents, Excel spreadsheets, OneNote notebooks and PowerPoint presentations. With versioning, you can access older versions of the same document, from the Web—wherever you are, anytime you want.

Hotmail—ready for the future

With these upcoming improvements in mind, my opinion about Hotmail is getting better gradually. I see that the Windows Live team has invested time to think about how e-mail is used these days. What do you think about the new Hotmail?

Connection and configuration as error sources

Wireless routers are pure high-tech. Normal users cannot simply understand how they work in detail—and how they send and receive all these data. That is why most people rely on the default settings to be trustworthy and secure.

Sadly, that’s wrong: Though newly bought wireless routers have quite good security settings as default. Old ones do not have these. And now few users make errors when connecting and configuring—and sooner than later the important security settings are in vain, your own WLAN is public. The device itself won’t warn… I think it would be a good idea for manufacturers to display the security level directly on the device.

Check security settings manually

As they don’t, you have to check the corresponding settings in the device. Just sit in front of your computer and enter a quite uncommon number combination. A quite complex-looking menu will appear. However, you have to go through this. You should pay close attention to the security settings—so everything is set as secure as possible.

Here the most important tips so your neighbor or anybody on the road can go online with your wireless access point:

Tip 1: Encrypt

Make use of a secure encryption method! Best are WPA or WPA2. If your router offers these, then do use it. WEP is considered relatively insecure these days and should normally not be used anymore. And in any case, do not use a wireless network that is unencrypted. Modern routers can store the chosen wireless passkey on a USB stick. You can then plug this stick into your computer or notebook and thus copy the passkey easily and yet securely.

Tip 2: Change password

That is important too: Each WLAN sender (router) is protected by a password. Most PC users keep the default password set by the manufacturer, or even disable it completely. That’s bad. As any hacker can manipulate your wireless access with ease. Thus: in any case change the device password. You’re done fast, I promise.

Tip 3: Restrict access

People with more experience can get maximum protection. In the WLAN sender, you can set which computers, notebooks and mobile phones may establish connections. All other devices don’t get a chance. That’s the most simple way—yet a bit complicated.

Tip 4: Reduce signal strength

Normally, wireless routers send and receive with maximum signal strength. However, that is not always possible. Especially not in small apartments. A reduced signal strength is often sufficient. Then neither neighbors nor other unexpected surfing guests get wireless contact, your wireless network is more secure.

Public hotspots

Am I legally responsible for actions that strangers take on my public wireless network? They might share illegal copies of music, videos or software. While that is horrible enough for private wireless owners, but for public hotspot operators, like in coffee shops, restaurants or at public squares, that would be a desaster. Here access is mostly always unprotected, otherwise not everybody could connect with their notebook or smartphone.

If the legal responsibility is coming, surely many of these publicly accessible wireless networks will be closed down, or get restricted access only. For sure this is nothing to be fond of in our modern information society.

Entry points for hackers

Internet Explorer.  Outlook.  Outlook Express.  Windows Mail.  Windows Live Mail.  Microsoft Help System and the Microsoft Sidebar.  There are a half dozen of commonly important programs and features in Microsoft Windows that have become attackable.  That is very dangerous, which is why everybody is concerned about it.  Even several governments, like the German Federal Office for Security in Information Technics (BSI), have intensely warned about the security holes.  The “easy” solution:  Don’t use Internet Explorer—or at least use it in the so-called Safe Mode, so the danger can be reduced.

Alarm Level Red

The malicious thing about the current security hole: It is sufficient to navigate to a modified website—and the hole can be abused.  You won’t notice anything, you cannot see it on the site, maybe not even the site owner knows that their site is being abused for such purposes.  A nightmare concerning security.  Absolutely.

Quick Reaction by Microsoft

But gladly Microsoft reacted quite fast this time.  Within few days, the developers have removed the security holes.  Now the patches only have to find their way on your computer.  You have to install an update.  Some computers do that automatically, but I wouldn’t rely on that.  Luckily it is not very complicated to install the security update.

How to Fix the Hole

And this is how you can fix the security hole on your Windows computer: In the Start menu, call the “Windows Update” feature.  There is also a menu entry in Internet Explorer.  The computer then searches for current updates and important patches that you can download with one mouse click.  It will only take some minutes.  If you are advanced and want to learn more details: On its homepage, Microsoft explains all changes detailed and informs which holes have been closed.  After the update, your Windows computer is safe again—and you can continue to surf with Internet Explorer.

By the way: Not every security hole gets as prominent as the latest.  Nevertheless, there are lots of them.  That’s why you should run Windows Update on a regular basis, perhaps once per week.  It won’t take long—but you will be safe.

Using Alternative Browsers

With or without a known security hole: It can’t hurt to play around with other browsers as well.  Whether Firefox, Opera, Safari or Google Chrome: There are lots of possible alternatives.  If you test a different browser when it is calm and have it already installed, then you don’t have to waste lots of time looking around for an alternative when you mustn’t use Internet Explorer for a while.

Firefox

Largest competition for Internet Explorer: without a doubt Firefox.  Version 3.6, even faster, has only been published yesterday.  You should simply take a look at this browser.  Just download it for free and check it out, then it will be available anytime.  But other browsers like Safari, Chrome or Opera are interesting as well and have many fans.

Security Holes in Other Programs As Well

To stay fair: Over the past year, it was not Internet Explorer being the software with the most newly found important security holes, but a different software—Adobe Reader.  Nearly everybody has it installed, because it serves for viewing PDF documents.  Thus, it has become a favorite target for hacker attacks.  Many people just don’t think about that.  My tip: Keep important default programs, like Adobe Reader, up-to-date as well.  Just call the update feature within the software…

Last Friday, the CERT published a statement proposing an alternative browser.  The CERT makes French citizens aware of a security hole in Microsoft’s browser that is still unpatched.  Until Microsoft offers an update, the online community should use a different browser.

The French CERT warns about Internet Explorer versions 6, 7 and 8, while Microsoft has up to now only seen successful attacks using Internet Explorer 6.  They have officially confirmed the IE hole and is working on a patch that might even be published as extraordinary “Emergency Patch”.  Basically versions 7 and 8 are affected as well, but enhanced security measures seem to make the attack much more complicated, if not impossible.  Microsoft advises users to set the security mode to “High” and to use Internet Explorer’s “Safe Mode.”

Among others the still unpatched security hole in Internet Explorer has been used for attacks toward Google and many more companies.  The attack seems to originate from the Chinese government.

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Common phishing types

• Imagine you receive a mail “From: Microsoft Customer Support < somerobber@live.com >”.  If you don’t pay close attention, the phisher might trick you into reading the mail and thinking it comes from Microsoft.  Bad links inside such a mail will harm you even more.
• Another trick uses a mail address of one of your friends, like “From: Your dearest friend < yourdearestfriend@live.com >”.  What you don’t know is, they haven’t written the mail on their own, but a third party has used their login data after stealing them.
• Messy web addresses that look similar to the real addresses can also be used to mislead you.  So, watch out if you sign in to Windows Live, but the address bar reads “http: //login-live.com/…” instead of the correct “https ://login.live.com/”.  In this case, the phisher has registered the domain “login-live.com” to trick you to enter your sign-in data.

How can phishers use your data?

• They can sign in as you and send more phishing messages, this time from your e-mail address.  Your friends will thank you.
• They can reset your password at any web site where you have an account, by opening the password reset link in the mail you receive.
• They can sell your contact data, and you will get more spam.

How can you protect yourself?

• In Hotmail, there are several indications when you receive mail that might be dangerous.  Watch out for the yellow information bars that appear.  Windows Live Mail shows these information bars, too.

• Only open links in messages from people you know.  You wonder if it was really your friend who sent the message?  Why not ask them and get a confirmation this way.
• Neither Microsoft, nor any other serious company will ask you for your credentials via e-mail.

Based on: http://windowslivewire.spaces.live.com/Blog/cns!2F7EB29B42641D59!42740.entry