Safe and Secure

A new security flaw has been exposed in Windows involving “Windows Metafiles” which typically have a .wmf filename extension. The flaw is rated as critical and no patch is yet available from Microsoft to fix the security hole. It is recommended that users not open or preview any files witha *.wmf extension and set Internet Explorer security settings to “High”.

The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003/SP1 are reportedly also affected. Computers will be infected by programs from the Agent.acd family, if users visit unionseek.com or iframeurl.biz. The malicious programs are downloaded to the victim machine and launched via the WMF vulnerability. Agent.acd will then download other Trojan programs to the victim machine.

Source: Techtree.com India > News > Security > Windows Metafile Flaw Exploited

A Michigan company offers temporary tattoos for children, with a twist. The tattoos contain identification and contact information in case the kids are separated from their parents while traveling or separated from a group while on field trips. Tattoos are also available for people with Alzheimer’s Disease.

Designed by a Michigan woman, the tattoos come in six colors, with kits for boys and girls. The tattoos cost about $2 each or $10 for a travel kit that includes six tattoos, a marker for writing a phone number, towelettes to apply the tattoo with and alcohol wipes for removing it. The tattoos generally last for a week, said Cindi Aldrich, who owns Temporary Tattoos With A Purpose. Frey said his daughter’s tattoo started to rub off a little on the way to the airport.

More information from Tattoos With a Purpose

courant.com | Tattoos Give Children Identification That’s Hard To Lose

A new worm making the rounds of all the major Instant Messenging networks attempts to trick you into believing you’ve received a file from a friend. Click the file and you get a picture of Santa - plus a nasty little rootkit installed to your system that could give hackers control of your computer. As with email, you should not open any file attachment unless you are expecting it and know exactly what it is. If a friend sends a link or file by IM, message them back and ask what it is before you open it. If they say they didn’t send anything, it’s almost certainly a virus and should be deleted immediately. If they did send it, you should still scan it with an up to date antivirus program before opening.

The IM.GiftCom.All worm has made an appearance on several messaging networks, including America Online, Microsoft MSN, and Yahoo.

The worm attempts to dupe you into believing that a friend has sent you a link to a harmless file. If you click on the file, you see an image of Santa. While viewing it, the worm attempts to install a rootkit on your system.

Santa Worm Hits Messaging Networks - Computing -

Microsoft revealed a critical security flaw in its Internet Explorer Web browser and an important flaw in its Windows Operating System today. The critical flaw could allow a hacker to take complete control of a users computer.

Microsoft said the vulnerability exists in its Internet Explorer Web browser, which an attacker could exploit to take over a PC by running software code after luring users to malicious Web pages.

Microsoft also issued one other security warning it rated at its second-highest level of “important.”

Fixes can be downloaded at:

www.microsoft.com/security

Technology News Article | Reuters.com

Following are the Consumer Product Safety Commission recall announcements for November 18 to December 12, 2005.

Chuck E. Cheese’s - Plastic Siren Whistles

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Chuck E. Cheese’s (CEC Entertainment), of Irving, Texas is voluntarily recalling about 144,000 Plastic Siren Whistles. The recalled plastic siren whistle’s internal pieces can detach from the toy, posing a choking hazard to children.

J & F Design Inc. - Girl’s Sleepwear Sold at J.C. Penney Stores

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), J & F Design, Inc., of Bell, Calif. is voluntarily recalling about 18,800 Bobby Jack™ pajama sets. These pajamas sets fail to meet the federal mandatory standard for flammability of children’s sleepwear under the Flammable Fabrics Act. This poses a risk of burn injuries to children.

Kawasaki Motors Corp. U.S.A. - All-Terrain Vehicles

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Kawasaki Motors Corp., U.S.A., of Irvine, Calif. is voluntarily recalling about 21,900 Kawasaki 2005 model year Brute Force ATVs. Tie rod separation caused by either wear or severe impact can occur during operation, causing the front wheel to separate from the steering control. Separation of the tie rod can cause the rider to lose control of the ATV, resulting in a serious injury or death to the rider.

Toshiba America Consumer Products LLC - DVD Home Theater Systems

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Toshiba America Consumer Products LLC, of Wayne, N.J. is voluntarily recalling about 4,100 DVD Home Theater Systems. A problem in the system’s circuit board could pose a fire hazard.

King of Fans Inc. - Oil-Filled Radiator Heaters

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), King of Fans Inc. of Fort Lauderdale, Fla. is voluntarily recalling about 202,000 Maxi-Heat™ Electric Oil-Filled Radiator Heaters. Welds in the heating fins can break, allowing oil to leak. This poses a burn and fall hazard to consumers.

Ideal Distributors Inc. - Pacifiers

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Ideal Distributors Inc., of Chicago, Ill. is voluntarily recalling about 1,000 Cachito Pacifiers. The nipples can detach from the base, posing a choking hazard to young children.

Stravina Operating Co. - Children’s Metal Necklaces and Zipper Pulls

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Stravina Operating Co., LLC, of Chatsworth, Calif., is voluntarily recalling about 6 million children’s metal necklaces and zipper pulls. The recalled metal jewelry contains high levels of accessible lead in the metal and/or the paint, posing a serious risk of lead poisoning to young children. Lead is toxic if ingested by children and can cause adverse health effects.

Porter-Cable - Repair Circular Saws

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Porter-Cable, of Jackson, Tenn., is voluntarily recalling about 196,000 Porter-Cable® 7¼-inch MAG-Saw™ Circular Saws. The lower guard on these saws could stick in the open position, posing a risk of severe lacerations to consumers.

Yamaha Corporation of America - Synthesizers

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Yamaha Corporation of America, of Buena Park, Calif., is voluntarily recalling about 1,100 S90 ES Synthesizers. The unit could emit loud “white noise” when turned off and turned on again under high temperature conditions, which could possibly damage a consumer’s hearing.

Sanus Systems - Television Wall Mounting Units

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Sanus Systems, of St. Paul, Minn., is voluntarily recalling 14,000 VisionMount model VMSA swing-arm television wall-mounting units. An undersized shaft within the wall mounting unit can cause the product’s main support component to loosen. As a result, the unit and the television it is supporting can fall from the wall, posing a risk of injury to consumers.

Starbucks Coffee Company - Ceramic Teapots

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Starbucks Coffee Company, of Seattle, Wash., is voluntarily recalling about 257 Ceramic Teapots. The teapots are labeled safe for microwave use, but the handles can become hot in the microwave oven. This poses a possible burn hazard to consumers.

Louisville Ladder Inc. - Industrial Ladders

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Louisville Ladder Inc., of Louisville, Ky., is voluntarily recalling about 3,000 Multi-Purpose, Step-to-Straight, Combination, Manhole and Extension Trestle Ladders. The rung on the ladders could break near the side rail causing the user to fall.

Haier America Trading LLC - Oscillating Electric Tower Fans

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Haier America Trading LLC, of New York, N.Y., is voluntarily recalling about 150,000 Oscillating Electric Tower Fans. Internal electrical arcing in the fan can cause a fire hazard.

Delta Enterprise Corp. - Certain Cribs Sold at Toys R Us Stores

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Delta Enterprise Corp., of New York, N.Y., is voluntarily recalling about 335 Lov’s “Europa” Natural Color Cribs. The crib’s paint contains high levels of lead. Lead poisoning in children is associated with behavioral problems, learning disabilities, hearing problems and growth retardation.

Wal-Mart Stores Inc. - Toy Sets

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), Wal-Mart Stores Inc., of Bentonville, Ark., is voluntarily recalling about 7,200 10-in-1 Activity Trunks by Kid Connection. Some of the toys in these trunks contain small parts, posing a choking hazard to young children.

International Playthings Inc. - Toy Vehicles

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), International Playthings Inc., of Parsippany, N.J., is voluntarily recalling about 6,000 Flexitoys Monster-Size Vehicles. Small parts can detach, which pose a choking hazard to young children.

International Playthings Inc. - Viking Chubbies Toy Cars

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), International Playthings Inc., of Parsippany, N.J., is voluntarily recalling about 1,900 Viking Chubbies Toy Cars. The heads on the figures sold with the cars can detach, posing a choking hazard to young children.

Retailers - Waterless Vaporizers and Aromatherapy Diffusers

In cooperation with the U.S. Consumer Product Safety Commission (CPSC), various retailers, including Wal-Mart, are voluntarily recalling about 10,000 Vapor-Eze Waterless Vaporizers and 5,000 Vapor-Eze Aromatherapy Diffusers. A defective internal heater in the recalled vaporizers and diffusers can cause sparking and emit flames while in use. This poses a fire, burn and shock hazard to consumers.

ISO ratings are used by your insurance company to help set your homeowners insurance rates. They also can provide some insight into your area’s overall fire safety. ISO rates fire departments and also rates city’s based on building codes.

The Public Protection Classification Program for fire departments rates departments on a scale of 1 to 10, with 1 being the best possible score. A score of 10 is not the worst outcome; the worst possible is to fail to qualify for rating. A better rating generally means a better equipped department with better reliable water sources and a better rating results in lower homeowner’s premiums, all other factors being equal. Requirements to receive a rating of 8 or better in the PPC program are:

To receive a Public Protection Classification (PPCTM) of Class 8 or better, a community must first have the minimum facilities and practices needed to get a PPC rating and must meet the minimum criteria for Class 9. In addition, the community must have these additional minimum facilities:
* There must be a minimum water supply of 250 gpm for a two-hour duration for fire protection in the area.

If the fire department delivers the 250 gpm through tanker shuttle, large-diameter hose, or other alternative water supply, the water must be available within five minutes of the arrival of the first due apparatus, and the department must maintain the flow, without interruption, for the two-hour duration.
* The fire department must have at least one piece of suitably equipped apparatus with a pump of at least 250-gpm capacity rated at 150 psi.

Source: ISO Mitigation

Remember the old adage, “If it sounds too good to be true, it probably is.” Then remember that you have never provided the IRS with your email address. So, when the message comes from “the IRS” that says you have a tax refund and takes you to the “IRS” website to enter credit card details - delete it or forward it to the proper authorities. The current one making the rounds takes advantage of a glitch in a government website to take you to that website first, making the email look more legitimate, but it’s really this simple - the IRS sends refund checks automatically in the mail as long as they have your current address. They don’t send refunds out by email. If you want to make sure you’re getting the refunds you have coming make sure IRS has your current address. If you’re still unsure, contact the IRS directly, but don’t click on phishy emails.

A spam e-mail message has been sent around the world telling people they are eligible for a $571.94 tax refund from the IRS. The e-mail offers a link to a fraudulent IRS Web site, but the link actually goes through a legitimate government Web site that only last month was promoted by President Bush.

“This is more advanced than the typical phish, because the Web link really does–at first–take you to the real tax benefit Web site,” said Graham Cluley, senior technology consultant for U.K. security vendor Sophos. “Unfortunately the way the government Web site has been configured allows the phishers to bounce the unwary in their direction.”

The link in the phishing e-mail goes to a forged IRS Web site that asks for a Social Security number, tax return filing code and credit card details including security code and PIN.

Phishers use IRS tax refund as bait | CNET News.com

A series of home invasion robberies in Newton County in southwest Missouri have been targeting elderly residents. The robbers rip out the phone lines, threaten the residents for cash and valuables and rough them up if they don’t cooperate. One resident summoned help by pressing her Medicalert bracelet, which scared away the robbers. In almost all cases the invasion began with a knock on the door. The local Sheriff Ken Copeland said, “If somebody you don’t know comes to your door, don’t open it, call the Sheriff’s office.”

The robbery of an elderly woman at 11:40 a.m. Wednesday on Old Scenic Route again involved two men who entered through the victim’s back door.

“They actually did shove her down,” Jennings said. “But they were not able to obtain anything because she had one of those electronic medical alerts, and when she activated it, it apparently scared them off.”

The woman did not require medical attention for any injuries suffered in the incident, he said.