Welcome to my Need to Know blog!

My name is Tim Afflerbach.  I have been a software developer/computer consultant in my own practice (AfflerbachConsulting.com) since 1994.  I will be posting my notes here that I believe will help you, your family and your PC stay safe and be able to get things done faster, and save some money to boot!.  Everything I put on this blog I recommend highly!

Topics will range for the home user to the corporate user, from backup software to security issues and anything else I think could help you.

Very soon I will be adding information that will inform you about online predators.  A must read for all parents!

I hope to add new tips every other day (if not daily) as I come across info I think will benefit you.

Please, if you have any questions or comments please use the comment feature in this blog or send me an email!

Enjoy!

Tim Afflerbach
tafflerbach@gmail.com

Attacks against unpatched Microsoft bugs multiply

Computerworld – Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat.

Symantec, Sunbelt Software and SANS’ Internet Storm Center (ISC) bumped up their warnings yesterday after Microsoft announced that attackers were exploiting a bug in an ActiveX control used by Internet Explorer (IE) to display Excel spreadsheets. There is no patch for the vulnerability, nor will Microsoft release one later today when it issues its July batch of patches.

Read More:

How to Discover Your Life Purpose in About 20 Minutes

This is good, please read on….

by Steve Pavlina

How do you discover your real purpose in life? I’m not talking about your job, your daily responsibilities, or even your long-term goals. I mean the real reason why you’re here at all — the very reason you exist.

Perhaps you’re a rather nihilistic person who doesn’t believe you have a purpose and that life has no meaning. Doesn’t matter. Not believing that you have a purpose won’t prevent you from discovering it, just as a lack of belief in gravity won’t prevent you from tripping. All that a lack of belief will do is make it take longer, so if you’re one of those people, just change the number 20 in the title of this blog entry to 40 (or 60 if you’re really stubborn). Most likely though if you don’t believe you have a purpose, then you probably won’t believe what I’m saying anyway, but even so, what’s the risk of investing an hour just in case?

Read on…

Ballmer Says Tax Would Move Microsoft Jobs Offshore

From Bloomberg.com

June 3 (Bloomberg) — Microsoft Corp. Chief Executive Officer Steven Ballmer said the world’s largest software company would move some employees offshore if Congress enacts President Barack Obama’s plans to impose higher taxes on U.S. companies’ foreign profits.

“It makes U.S. jobs more expensive,” Ballmer said in an interview. “We’re better off taking lots of people and moving them out of the U.S. as opposed to keeping them inside the U.S.”

Read more…

PersonalBrain – Organize Your Life Visually

from DownloadSquad…

Personal Brain is one of those unique applications that purports to be able to help you organize your life, and in fact actually can. Even more surprisingly, this complex package’s download is merely 3 Megabytes in size. So what the heck is this thing?

Anyone familiar with mind mapping will intuitively understand the user interface of PersonalBrain, although it’s not technically a mind map, in the traditional sense. PersonalBrain’s map can be thought of more as a web of thoughts, interlinked in many different ways. They describe it this way:
“PersonalBrain helps you organize all your Web pages, contacts, documents, e-mails and files in one place so that you can always find them—just like you think of them. This saves you time and makes your life easier! With PersonalBrain you can even find related items—that you worked on—but forgot existed.”

The application is difficult to describe, but becomes very clear with use even over just a short amount of time. The initial setup wizard does a good job of helping you to build a structure with your PersonalBrain that makes sense, and acts as a jumping off point for further entries. The user interface is intuitive and very responsive, allowing you to jump in and out of it seamlessly with your other desktop software.

There is a trial version available, however beware of the overly invasive information-gathering questionnaire that must be filled out to register for access to it. My experience so far with the application is that if this category of software is intriguing to you, then it is worth jumping through the hoops to get your hands on a trial version. The product sells for $79.95.  (There is a free version also)

Goog-411 now provides intersection info

From TechCrunch…

If you don’t use GOOG-411 when you are away from your computer and need directory assistance, you should. It is free and will give you the address or phone number of any local business. Today, GOOG-411 added an obvious feature it should have had all along: it now tells you the street intersections where a business is located.  Read more…

13 Great Free Backup Programs for Windows, Mac, and Linux

Making sure you’ve got a reliable backup solution is a must for any user – and more so for an administrator. Why? Well, mostly because your users probably aren’t very good at remembering to back up their own files. And so it falls to you to provide the right software for the job!  Read on…

Dangerous Microsoft DirectX vulnerability under attack

Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support.  Read More…

Beware of Obama spam

Please read this warning at: NETWORK WORLD

Excerpt:

The e-mails, which claim to come from news@president.com, have subject lines such as “Obama win preferred in world poll.”

The e-mail prompts users to click on a link to watch his “amazing speech.” If users download Adobe Flash Version 9 as prompted, they are infected with malicious code that allows their systems to be remotely controlled by hackers. The malicious code is a Trojan Horse dubbed Mal/Behav-027 by SophosLabs.

Windows users beware….

A few things from one of my favorite news letters: The Windows Secrets Newsletter

Internet Explorer is target of zero-day attack !

There’s no fix yet for Tuesday’s remote-code-execution exploit, which has already been found circulating in the wild.

Windows users should switch to a browser other than Internet Explorer until Microsoft releases a patch for this IE security hole.

MS08-076 (959807)
Sights and sounds of Christmas may be dangerous…
Windows Media Player versions 6.4, 7.1, 9, 9.5, and 11 are being updated to patch vulnerabilities that may be exploited in attacks coming from malicious Web pages. This time of year, friends and family regularly send humorous links to pages on such video sites as YouTube and Hulu. These media files may also be used by attackers to gain control of your computer.

While it’s enticing to watch the latest funny video link that friends and family send around — as evidenced by our own Katy Abby’s hilarous Wacky Web Week finds — just remember that some of these videos may be used in attacks. That seemingly innocent link to a musical Christmas greeting could be trying to place malware on your system.

Media Player 6.4 will see the update in the form of the patch described in KB article 954600, Media Player 7.1, 9.0, 9.5, and 11 are patched via the update in 952069, and systems running Media Services on Windows Servers will be offered the patch in 952068.

Give these patches a high priority this holiday season.

Increase online shopping security with virtual credit cards

If you are like me, we love to save time and find deals on the internet.  But one thing you must do (in my opinion) is not give out your primary credit card number!  Primary Credit Card Number you ask?  Well, read on or be a victim of ID theft!…

The Sound Money Tips weblog says that rather than avoiding online shopping for fear of identity theft, shoppers should get used to using virtual credit cards, aka substitute credit cards or controlled payment numbers.  Read more

A PUPPY FOR CHRISTMAS?

Our breeder, where we got Terra (www.terralynn.net), has an important message to anyone thinking about getting a puppy for Christmas. This is a MUST READ if you are considering a puppy for Christmas!

Please read her message here

It’s Official: Windows 7 Shipping Mid-2009

We’ve all sort of known that Windows 7 would be released in 2009, but Microsoft made the firmest statements to date on the topic. In a technical session on Thursday, the company outlined that Windows 7 software would ship mid-year 2009 with pre-configured Windows 7 systems shipping in time for the 2009 holiday season. (Note, the company still hedges a bit by saying “within three years of January 2007.”) It’s also reported that those listening very closely during the presentation could hear the soft but violent shattering of Microsoft employee vacation plans everywhere. [CNET]

Obama Launches Change.gov

mallumax writes

“Obama has launched Change.gov.  According to the site ‘Change.gov provides resources to better understand the transition process and the decisions being made as part of it. It also offers an opportunity to be heard about the challenges our country faces and your ideas for tackling them. The Obama Administration will reflect an essential lesson from the success of the Obama campaign: that people united around a common purpose can achieve great things.’ The site is extensive and contains Obama’s agenda for economy and education among many others. They first define the problem and then lay out the plan. Everything is in simple English without a trace of Washington-speak. The site also has details about the transition. According to many sources, Obama’s transition efforts started months ago. The copyright for the content is held by ‘Obama-Biden Transition Project, a 501c(4) organization’.”

How to Protect Your Wi-Fi Network from the WPA Hack

This just in from LifeHacker.com. If you use WiFi, this is very important!

WEP Wi-Fi security has been known as an easy-to-crack security protocol for a while now, which is why it was superseded by the more secure Wi-Fi Protected Access (WPA) standard. But now a PhD candidate studying encryption has found an exploit in the WPA standard that would allow a hacker to “send bogus data to an unsuspecting WiFi client,” completely compromising your Wi-Fi security and opening your network to all sorts of hacking. Lucky for you, it’s not terribly difficult to protect yourself against the new exploit.

The key: Just log into your router, switch off Temporal Key Integrity Protocol (TKIP) as an encryption mode, and use Advanced Encryption System (AES) only. TKIP is the only protocol that the hack applies to, so switching to AES-only will ensure that your Wi-Fi network is safe again. It’s quick and easy, so do yourself a favor and make the adjustment now so you don’t run into any problems in the future.

Expect attacks via latest Windows security hole!

This content is from an excellent news letter I receive on a regular basis.  I highly recommend joining.  Please read on about this VERY REAL security threat this is NOT A HOAX!…

Expect attacks via latest Windows security hole

By Susan BradleyFollowing Microsoft’s release last Friday of a critical, out-of-cycle patch, only sporadic reports of attacks based on this weakness have been received — but that may not last.

Apply the patch referred to in MS08-067 right away, because Trojan horses that take advantage of this security breach are sure to hit us soon.
MS08-067 (958644)
Microsoft monitors remote-access exploits

As I reported in last Friday’s special bulletin, everyone who uses Windows XP, Vista, Server 2003 or later should download and install MS08-067 (patch 958644), which is a critical corrective for the OS.

The good news is that, so far, Window Secrets readers report few problems installing the patch. The small number of glitches they have encountered can be cleared up by uninstalling and then reinstalling the update.

In the meantime, the Microsoft Security Response Center blog reports that the company has detected malware authors discussing online how to take advantage of this vulnerability. However, at this writing, Microsoft says it hasn’t discovered any new threats that use this exploit to drop a Trojan on targeted systems.

There may not yet be any fast-moving worm built specifically to exploit this weakness. But the vulnerability is similar to the hole that was used by the MSBlaster worm, which surfaced on the Internet in 2003. So don’t let down your guard. Patch your PC if you haven’t already done so, because this exploit is sure to be the focus of malware authors before long.

Since it’s only a matter of time until such attacks become widespread, I urge you to reach out to other Windows users you know to ensure that they’re protected from this vulnerability — once you’ve patched your own systems, that is.

To read more about this fix and help with patching your system or to sign up to receive this news letter, please follow this link:

Expect attacks via latest Windows security hole

The Best Firewall Software of 2008

My first choice for a firewall.  Please read on…

Online Armor Personal Firewall v2

(From the Online Armor site)

Online Armor protects your computer’s internet connection (inbound connections and outbound connections), stops unknown programs from running and detects keyloggers – plus lots more!. Online Armor is a full security system for your computer, but has been designed to be very easy to use. You can check out it’s features in detail by looking at the menu on the left.

There are two different versions of the Online Armor firewall.

Online Armor Free

Online Armor FREE is our powerful windows firewall – the only FREE firewall to offer 100% leak protection out of the box! It’s easy to use, powerful – and completely free. Online Armor is straightforward, and simple to use.

Online Armor includes powerful “HIPS” functions, which give you the ability to stop all unrecognised programs from running on your computer unless you say so, making it possible to protect yourself against these new attacks. Of course, programs Online Armor knows are safe will be allowed to run, no problem.

This is different to a pure Antivirus program – these let any program run, unless they know it is a virus. This means that it must have that that exact threat in its database before it can do anything about it. Your antivirus will completely ignore programs it does not recognise – which unfortunately includes new viruses.

Online Armor (my recommendation)

Like Online Armor FREE, Online Armor is also a powerful windows firewall – and also offers 100% leak protection right out of the box. It is easy to use, and powerful just like it’s free cousin.

Online Armor combines all of the features you’d expect from a personal firewall, plus adds several useful enhancements. Online Armor’s advanced mode lets you adjust the firewall settings precisely to your liking, import blacklists. If you perform transations online, Online Armor’s banking mode protects you by only allowing you to go to legitimate bank websites.

Online Armor also provides powerful protection against keystroke records and even filters your email messages to weed out banking scams. While you’re surfing the web, Online Armor filters web pages that you visit to remove potentially dangerous content. If you choose to purchase Online Armor, you’ll receive a lot of extra benefits over the already powerful free version. Check the comparisons page for more details.

Cell Phone Ban for California Train Operators Passes

Well it’s about time laws are past!  Cell phones and motor vehicles don’t mix!

By Michael Santo
Editor-in-Chief, RealTechNews

The California Public Utilities Commission (CPUC) met on Thursday to discuss an emergency order which would ban the use of cell phones by train operators. While individual companies may have had such rules in place, there was no law backing up the rules.

Read full story here…

Clickjacking: Researchers raise alert for scary new cross-browser exploit

(From zdnet.com)

Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.

In a nutshell, it’s when you visit a malicious website and the attacker is able to take control of the links that your browser visits.  The problem affects all of the different browsers except something like lynx.  The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you.  It’s a fundamental flaw with the way your browser works and cannot be fixed with a simple patch.  With this exploit, once you’re on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening.

Read the full story here

Note: See UPDATE for a defensive measure!

Foxit Reader 2.3 for Windows

An exclusive small and fast PDF Reader!

Foxit Reader is a free PDF document viewer, with incredible small size (only 2.55 M download size), breezing-fast launch speed and rich feature set. Foxit Reader supports Windows Me/2000/XP/2003/Vista. Its core function is compatible with PDF Standard 1.7.

In the past, you’ve had to download a huge PDF reader from another software company, go through a lengthy installation process and wait for an annoying splash window to disappear just to open a PDF document. Moreover, if you want to annotate a PDF document, you have to pay US$299 to buy certain software.

Now with Foxit Reader, you don’t have to endure such pain any more. The following is a list of compelling advantages of Foxit Reader:

• Incredibly small: The download size of Foxit Reader is only 2.55 M which is a fraction of Acrobat Reader 20 M size.
• Breezing-fast: When you run Foxit Reader, it launches instantly without any delay. You are not forced to view an annoying splash window displaying company logo, author names, etc.
• Annotation tool: Have you ever wished to annotate (or comment on) a PDF document when you are reading it? Foxit Reader allows you to draw graphics, highlight text, type text and make notes on a PDF document and then print out or save the annotated document.
• Text converter: You may convert the whole PDF document into a simple text file.
• High security and privacy: Foxit Reader highly respects the security and privacy of users and will never connect to the Internet without users’ permission. While other PDF readers often silently connect to the Internet in the background. Foxit PDF Reader does not contain any spyware.

Use this link to read more and/or download via the ‘Download’ button (Not the ‘Get it Free’ button)

With CrossLoop, Users Can Get Help From Techie Friend

WSJ’s Walt Mossberg reviews CrossLoop, a free software that allows users to securely work with other computer users located in different geographical areas. Walt says CrossLoop, which enables you to see the screen and control the mouse and keyboard on a remote computer, is worth a try. (Sept. 25)

And yes, if you would like me to help you with a problem, I am registered with CrossLoop.  Just shoot me an e-mail.  Existing customers please call!

Read the review

See a video of Walt using CrossLoop