Microsoft and the National Consumer Agency have issued a warning to consumers about a scam that targets people running Microsoft Windows.

The bogus callers, who claim to be from Microsoft, request that users download a file from a website in order to remove a virus supposedly on their computer. This file acts as a trojan horse allowing the scammers access to the consumers computer. From here they can obtain information such as financial details, account logins and passwords etc. In some cases they have also requested credit card details over the phone from people.

If you happen to receive one of these calls the NCA advise that you hang up immediately and report the call to them on 1890 432 432.

Firesheep, A new Firefox plugin created by Eirc Butler that enables users to hack into the likes of Facebook and Twitter accounts when used on a public WiFi network. The plugin has already been downloaded over 110,000 times. The plugin takes advantage of the fact that cookies from these websites are sent over the network in plain text and not encrypted. By simply grabbing the cookie it enables the hacker to login to the account of the unsuspecting user.

This plugin enables the average Joe with no hacking skills or capabilities to gain access to your social network account.

There are a number of ways to circumvent such an attack, for corporate users through VPN’s or SSH tunneling but for the every day user HTTPS Everywhere is an option.

By enabling the average user to simply download and install this exploit it may force Facebook & Twitter to enhance the security of their platforms.

Instructions on how to install the plugin if your using Windows:

Simply go to the following address:

http://github.com/codebutler/firesheep

• Click on downloads
• Download the firesheep-0.1-1.xpi file
• Go to tools and Add-ons in Firefox
• Drag the firesheep-0.1-1.xp file into the box.
• Couldn’t be easier!

A recent exploit discovered for Microsoft’s ASP.NET software has left all Windows users vulnerable to attack.

ASP.Net is a Web application framework by Microsoft that is used to create websites and applications. It has been estimated that 1/4 of all Internet websites use ASP.Net.

Microsoft has announced that it will patch all supported versions of Windows, from XP Service Pack 3 and Server 2003 to Windows 7 and Server 2008 R2, along with other software, including its IIS and SharePoint server software.

Hackers are said to be able to exploit ASP.Net’s encryption to decrypt session cookies or other encrypted data on a remote server, and access and grab files from a site or Web application that relies on the ASP.NET framework.

Microsoft has released a Visual Basic script that should detect applications that are at risk and has also created a dedicated support forum to handle any queries from website and application developers. A patch has been promised but it is still unknown as to when this may arrive.

From tomorrow, Tuesday 13th July Microsoft will no longer provide security updates or patches for computers running Windows XP SP2 or Microsoft Server 2000.  There will be no new security updates,  hotfixes, or Microsoft support options. Upgrading to Windows XP SP3 is free and will result in continued support and patching up until April 2014 but it is feared that many businesses will continue to use the unsupported versions leaving them open to various vulnerabilities that will never be fixed by Microsoft.

Installing service pack 3 may require testing and downtime for some organisations and it is believed that this would be an inconvenience that most companies will not put themselves through. Service Pack 3 does not add much in the way of functionality additions or features but it is classed as a critical upgrade.

Frank Fellows from Microsoft made the following statement;

“Customers are highly encouraged to migrate to the latest supported service pack which is the latest and most secure version of their product. Staying on a supported service pack is the only way to ensure continued access to security updates and the ability to escalate support issues within Microsoft.”

If you are still running Windows XP it is essential that you make the upgrade to Service Pack 3. This can be done either by switching on Automatic Updates or by downloading SP3 from the Microsoft website.

According to research from German Antivirus Company G Data, Windows is still the popular choice of target for hackers. In 2009, 99% of all malicious software was intended for computers running Microsoft Windows operating systems. Cyber criminals operate from an economic standpoint and repeatedly go after the largest target, in this case Microsoft Windows.

While Windows is the operating system most targeted there are steps that can be taken to minimise the risk. These include:

• Installing the latest operating system patches
• Keep your anti virus/spyware/malware software up to date
• Use Firefox or Chrome instead of Internet Explorer
• Don’t click on that advertisement informing you that “You have just won $500″ or “You have just won an Ipod”
• Use hard to guess passwords with at least 8 characters incorporating numbers, lowercase, uppercase, symbols etc. or use something like PWDHash
• Don’t always assume that the origin of a message is from who it appears to be from.

If you are a home user with a little technical knowledge I would highly recommend changing over from Windows to Ubuntu.