Skip to Content

security

Blind computer users struck by a very unusual Trojan attack

January 22, 2008 • Darrell Shandrow Hilliker

We have just received a disturbing report from Vanja Svajcer on the SophosLabs security blog indicating that a recently distributed “unofficial” build of Freedom Scientific’s JAWS 9.0 screen reader making the rounds on various blindness related mailing lists contains dangerous code that disables the use of JAWS and most other screen readers. In his article, Blind computer users struck by a very unusual Trojan attack, Vanja describes a scenario in which a blind user’s computer may essentially be reduced to something about as useful as a very large paperweight, at least until a sighted person can come along to help clean up the mess with appropriate anti-virus software. We should all keep two critical lessons in mind when considering whether or not to download and install software onto our computers:

  • Is the software being offered legal? “Cracked” or otherwise illegal copies of software may contain Trojan Horse code or other malware that may cause damage to your computer’s operating system, applications or data. Not only is the download and use of illegal software unethical, it may actually be detrimental to your digital life.
  • Is the software being delivered by a credible source? In addition to the advertising of a “cracked” copy of JAWS 9.0, it is also believed that the malware mentioned in Vanja’s article may have been distributed under the guys of an “unofficial” JAWS build provided to a customer by Freedom Scientific’s technical support team in order to solve specific issues. Those issues were never clearly specified. The software was being provided by a third party, not directly by Freedom Scientific. The lesson here is that we should check with the company developing the software before downloading and installing any updates. In the case of shareware, free software or open source software, we should take care to download from a reputable source, such as Download.com, FileForum or SourceForge.

Our computers and, even more so our data, are too important to place at unnecessary risk. Let us all take care to protect our valuable digital resources.

Categories: JAWS, open source, security

Showing Internet Explorer 7.0 How to Get Along with VIP Conduit

May 6, 2007 • Darrell Shandrow Hilliker

Are you having trouble accessing the chat rooms at http://www.vipconduit.com using Internet Explorer 7.0? Are you seeing various browser security related messages? Even though you know you have downloaded and installed the latest version of the VIP Communicator, is the client showing you strange error messages and unceremoniously closing? The solution is to add vipconduit.com to Internet Explorer’s “Trusted sites” zone and reduce the security of that zone. Here’s how to get that done:

  1. Open Internet Explorer 7 as usual.
  2. Press alt+t to pull down the Tools menu.
  3. Press o to select Options.
  4. Press Control+Tab to move to the Security page.
  5. Press tab to “select a web content zone”.
  6. Press right arrow until you reach “Trusted sites”.
  7. Press tab twice to move to the “security level” field.
  8. Press the End key to set the security level to “0 percent” which allows trusted sites to download, install and run most content without prompts.
  9. Press shift+tab to move to the “Sites” button, then press the space bar.
  10. If you are not already there, press shift+tab to move to the “Add this website to the zone” field.
  11. Press tab to select the Add button and press the space bar.
  12. Tab to the “Close” button and press the space bar.
  13. Tab to the OK button and press enter to dismiss the dialogue box and return to the browser window. You have now added vipconduit.com to the list of web sites that are implicitly trusted by your browser.

You can repeat this procedure for any sites you wish to use without running into frequent security related prompts displayed by means of Internet Explorer’s new info bar. Exercise extreme caution when adding a site to those trusted by Internet Explorer. It would be a very good idea for you to implicitly trust the authors of the web site before even thinking about asking your browser to do the same.

Categories: security, tips