
Forum Thread: Daily CYBERCLIPS August

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS August
Expert Contributor 11th Aug, 2011 08:15
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK


Eleventh Edition

Thank you for recent support/discussion. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security remains the main theme of the thread with some related and varied topics.
Scroll down for the latest posts !!
Please note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals..
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Expert Contributor 11th Aug, 2011 08:27
Microsoft Expects to See Exploits for Critical IE Flaws Within 30 Days
August 10th, 2011, 17:00 GMT| By Lucian Constantin

Microsoft expects reliable exploits to be created in the next thirty days for the critical Internet Explorer vulnerabilities that it patched on Tuesday.

The MS11-057 IE security bulletin addresses seven security vulnerabilities that affect all versions of the browser on all supported Windows flavors.

Five of the flaws were reported privately to Microsoft and two were publicly disclosed. Their severity rating ranges from critical to important.

Fortunately, the two publicly reported vulnerabilities do not facilitate remote code execution and can only lead to information disclosure conditions.

According to Microsoft's vulnerability exploitability index, the MS11-057 security bulletin has the maximum rating with the note "likely to see reliable exploits developed within next 30 days."
More at :-
http://news.softpedia.com/news/Microsoft-Expects-t...

--
mogs CClip 2
Expert Contributor 11th Aug, 2011 08:34
Microsoft patches final Pwn2Own IE bug
Quashed vulnerability that let researcher bypass browser's sandbox, win $15K in March

By Gregg Keizer
August 10, 2011 03:16 PM ET
Computerworld - Microsoft on Tuesday patched the last vulnerability in Internet Explorer (IE) used by a researcher in March to win $15,000 at the annual Pwn2Own hacking contest.

The company had patched IE twice before to quash bugs exploited by Stephen Fewer of Harmony Security to bring down IE8 on Windows 7 at Pwn2Own. For his efforts, Fewer was awarded a cash prize of $15,000 and a Sony notebook.

Fewer chained three exploits, each for a different vulnerability, to bypass IE's sandbox, called "Protected Mode," and compromise IE8. Pwn2Own sponsor HP TippingPoint called the feat "impressive" at the time.

Microsoft patched the third IE bug in a multiple-flaw update to its browser, part of a 13-bulletin collection.
More at :-
http://www.computerworld.com/s/article/9219081/Mic...

--
mogs CClip 3
Expert Contributor 11th Aug, 2011 08:46
Tho' this story is almost a week old....still thought to be worthy of a mention.....check UAC ! ....mogs.
AUGUST 05, 2011
Microsoft: Malware turns off Windows UAC
Urges users to check that the regularly-belittled prompt is really on

By Gregg Keizer | Computerworld

Microsoft this week urged users to keep an oft-criticized Windows security feature turned on, even as it said that more malware is disabling the tool.

UAC (User Account Control) is the feature that debuted in Vista and was revised in Windows 7 that prompts users to approve certain actions, including software installation.

UAC was "universally hated" in Vista, and was a major complaint about the unsuccessful operating system, a Gartner security analyst said more than two years ago.

"From a usability standpoint, no one was happy. And from a security standpoint, no one was happy either, because we knew that people get 'click fatigue,'" said John Pescatore of Gartner in the months before Windows 7's launch.

Microsoft took the complaints to heart, and downplayed UAC in Windows 7 after its data showed users got irritated when they faced more than two such prompts in a session at the computer.

This week, MMPC (Microsoft Malware Protection Center) said that malware was increasingly turning off UAC as a way to disguise its presence on infected PCs.
More at :-
http://www.infoworld.com/d/security/microsoft-malw...

--
mogs CClip 4
Expert Contributor 11th Aug, 2011 10:06
Adobe Updates for August Vulnerabilities
August 10, 2011
By Sean Michael Kerner

Adobe is a vendor that often plays catch-up with security exploits, issuing emergency patches to fix zero-day vulnerabilities. But Adobe, like Microsoft, also has a regular Patch Tuesday update cycle. This regularly scheduled update is a way to give users and enterprises a predictable and stable timetable for Adobe updates.
For August's Patch Tuesday, Adobe has issued five update advisories covering its Flash Shockwave, Photoshop and RoboHelp applications.

More at :-
http://www.esecurityplanet.com/features/article.ph...

--
mogs CClip 5
Expert Contributor 11th Aug, 2011 11:01

New Microsoft Security Essentials (MSE) 2.1 Antimalware Engine to Launch Next Week
August 10th, 2011, 15:59 GMT| By Marius Oiaga

Microsoft will introduce a new version of the antimalware technology behind its free security solution for Windows in the week of August 15th.

In fact, as early as August 15th, customers running Microsoft Security Essentials 2.1, as well as other AV products from the Redmond company will receive an antimalware engine update.

MSE users might already be used to the monthly antimalware engine refreshes that the software giant has been supplying them. According to Microsoft, the updates are nothing more than a way to keep up with the evolution of malware.

“As part of regular update of our antimalware technology to address the latest in the threat landscape, MMPC is planning to release a new antimalware engine on 15 Aug 2011,” the company said.

Microsoft Security Essentials 2.1 received the last antimalware engine update almost a month ago, on July 20th.

More at :-
http://news.softpedia.com/news/New-Microsoft-Secur...

--
mogs CClip 6
Expert Contributor 11th Aug, 2011 16:25
Windows 7 SP1 PCs Can Freeze Randomly when Memory Usage Is High – Fix Available

August 11th, 2011, 09:15 GMT| By Marius Oiaga

Microsoft has confirmed an issue impacting customers running the latest iteration of the Windows client and Server operating system, in which the platform can freeze when memory usage is high.

According to the Redmond company, some customers have been complaining that their Windows 7 machine stops responding randomly.

The problem affects not only users running Windows 7, but also those leveraging Windows Server 2008 R2.

At the same time, the company indicated that upgrading the two operating systems to Service Pack 1 will not solve the glitch, since Windows 7 SP1 and Windows Server 2008 R2 SP1 can also experience the problem.

“The issue typically occurs when the memory usage is high and when the memory manager performs frequent paging in and paging out actions,” the software giant said. “Note: you can use the Memory\Page Faults/sec performance counter to track the paging in and paging out frequency.”

Microsoft has already identified the source of the problem: “The issue occurs because of a deadlock situation in the Microsoft Filesystem Filter Manager (Fltmgr.sys).”

Not only this, but a hotfix is already available for download to those customers that have come across the issue described in this article.

More at :-
http://news.softpedia.com/news/Windows-7-SP1-PCs-F...

--
mogs CClip 7
Expert Contributor 11th Aug, 2011 18:43
Firefox 6 Final Available for Download on August 16, 2011
August 11th, 2011, 15:40 GMT| By Marius Oiaga


Firefox 6 is almost finalized, with Mozilla now gearing up to release the successor of Firefox 5 to the general public in less than a week.

In fact, if no bugs, including regression issues, will be identified, Firefox 6 Final could be made available for download in as little as five days.

Firefox 6 continues to be in Beta development stage at the time of this article, and will remain here for the rest of this week.

More at :-
http://news.softpedia.com/news/Firefox-6-Final-Ava...

--
mogs CClip 8
Expert Contributor 12th Aug, 2011 08:34
Chrome Updates

Dev Channel Updates for Chromebooks
Thursday, August 11, 2011 | 18:59
Labels: Chrome OS, Dev updates
The Google Chrome team is happy to announce the release of Chrome 14.0.835.87 (Platform version: 811.34) on the Dev Channel for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).
Highlights:
Update the Netflix plugin to 1.1.3
Update Pepper Flash to version 10.3.200.105
Known issues:
18953: Duplicate processes for apps / extensions shown in Task Manager

If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon. Interested in switching to the Beta channel? Find out how.

Orit Mazor
Google Chrome

Dev Channel Update
| 16:56
Labels: Dev updates

The Dev channel has been updated to 15.0.849.0 for Windows, Linux, Chrome Frame and 15.0.849.1 for Mac.

All
Updated V8 3.5.2.0
[r96275] FTP: added directory listing parser for OS/2 format, Issue 92154
[r96073] FTP: fix directory listing parsing for Hylafax, Issue 90807
Large speed improvement for print preview
This release also contains fixes for many known stability issues.
Mac
[r95609] Replace the bookmark folder menus with native menus
[r96244] No overlay scrollbar in PDF on Lion, Issue 90530
Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

Chrome Beta Channel Update
| 12:00
Labels: Beta updates
The Chrome Team is happy to announce the release of Chrome 14 to the Beta channel. 14.0.835.35 has been released for Windows, Mac, Linux and Chrome Frame. This update contains a number of new features and functionality, including:
Initial release of Native Client
Web Audio API
Additional Mac OS X Lion feature support
Sync Encryption for all data
Print Preview on Mac
Experimental Web Request extension API
Experimental Content Settings extension API
And a huge list of other fixes, changes, and stability improvements. For more on Chrome 14, please visit the official Chrome blog. The full list of changes in this release are available in the SVN revision logs ( trunk, branch). Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 9
Expert Contributor 12th Aug, 2011 22:09
Gary McKinnon support website defaced

Serial graffiti splasher TurkGuvenligi strikes again
By John Leyden • 12th August 2011 12:39 GMT
A support blog for alleged Pentagon hacker Gary McKinnon had its domain name hijacked on Friday morning.

Serial defacer TurkGuvenligi posted an image of an old fella spinning a plate (which looks a bit like a flying saucer) on his finger on the FreeGary support blog. An image of the domain hack can be found here. We notified FreeGary.org's site administrators of the problem.

A separate support blog maintained by Gary's mum, Janis Sharp, is alive and well here.

TurkGuvenligi is a serial website defacer whose previous victims include Secunia. An archive of his work can be found here.

Defacers typically use search engines to search for vulnerable sites before setting on victims and uploading digital graffiti on these sites. Such hacks, by themselves, are normally trivial and seldom expose more sensitive systems.

The FreeGary.org site was restored to normal by Friday lunchtime. ®

http://www.theregister.co.uk/2011/08/12/mckinnon_w...

--
mogs CClip 10
Expert Contributor 12th Aug, 2011 22:17

Computerworld - Starting with Firefox 8, Mozilla will automatically block browser add-ons installed by other software until users approve them, a company product manager announced yesterday.

Software-bundled add-ons have been a problem for Firefox users, who have sometimes been surprised to find browser extensions show up on their machines without their consent.

An add-on included with Skype, for example, caused such a high number of browser crashes that Mozilla added it to a list of banned extensions last January. And in 2009, an add-on that Microsoft silently slipped into Firefox left browser users open to attack, a fact that Microsoft itself admitted.

Read more at :-
http://www.computerworld.com/s/article/9219144/Fir...

--
mogs CClip 11
Expert Contributor 13th Aug, 2011 12:00
Attack targeting open-source web app keeps growing

8 million poisoned pages, courtesy of osCommerce users
By Dan Goodin in San Francisco • 13th August 2011 00:15 GMT
An attack targeting sites running unpatched versions of the osCommerce web application kept growing virally this week, more than three weeks after a security firm warned it was being used to install malware on the computers of unsuspecting users.

When researchers from Armorize first spotted the exploit on July 24, they estimated it had injected malicious links into about 91,000 webpages. By early last week, The Reg reported it had taken hold of almost 5 million pages. At time of writing, Google searches here and here suggested that the number exceeded 8.3 million.

Read more at :-
http://www.theregister.co.uk/2011/08/13/oscommerce...

--
mogs CClip 12
Expert Contributor 13th Aug, 2011 12:04
Google Chrome beta turns on native code machine

Native Client in the chute
By Cade Metz in San Francisco • 12th August 2011 17:58 GMT
With its latest Chrome beta, Google has turned on Native Client, its rather bold effort to securely run native applications inside the browser.

This means that Native Client is slated to make its official debut with Chrome 14 in September.

In a recent interview with The Register, Google vice president of engineering Linus Upson said that initially, Chrome will run only Native Client–based applications distributed through the company's Chrome Web Store. Through the store, Google will ensure that developers offer versions of their applications for both x86 and ARM, the two processor instruction sets currently supported by Native Client.

Read more at :-
http://www.theregister.co.uk/2011/08/12/google_add...

--
mogs CClip 13
Expert Contributor 13th Aug, 2011 12:13
Chinese authorities find 22 fake Apple stores

Staff at one fake Apple store in Kunming were dressed to resemble real staffers.

A total of 22 fake Apple stores have been uncovered in one Chinese city.

Authorities in Kunming began searching out the copycats after pictures of one convincing replica were circulated on the web.

An early search found five fake stores, two of which were shut down for trading without a licence.

Now, according to Chinese trade officials, 22 have been found unlawfully using Apple's brand and logo.

More at :-
http://www.bbc.co.uk/news/technology-14503724

--
mogs CClip 14
Expert Contributor 13th Aug, 2011 21:34
NuCaptcha improves integration of Captcha system
The company has made several upgrades to its video Captcha system to make it fit better into websites
By Jeremy Kirk | IDG News Service


A company that makes a security product designed to thwart problems such as comment spam has added new security and customization features for website owners.

NuCaptcha's self-titled product takes a different approach to the Captcha, which stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart."

Read more at :-
http://www.infoworld.com/d/security/nucaptcha-impr...

--
mogs CClip 15
Expert Contributor 14th Aug, 2011 08:56
Download Firefox 6 Final
August 13th, 2011, 05:56 GMT| By Marius Oiaga

Mozilla has wrapped up the development process of Firefox 6 and is already offering downloads of Firefox 5’s successor.

However, the launch of Firefox 6 Final has yet to be announced officially, as the bits have not started being offered to the public.

Instead, the open source browser vendor is serving Firefox 6 Final through its FTP servers, at least at the time of this article. I don’t doubt that this will change soon enough, but for now, users can grab Firefox 6 via the link at the bottom of this article.

As I told you earlier this week, Mozilla was planning to launch Firefox 6 on August 16th, 2011. For all I know, that date continues to be the official release deadline for the latest major iteration of Firefox browser.

Read more at :-
http://news.softpedia.com/news/Download-Firefox-6-...

--
mogs CClip 16
Expert Contributor 14th Aug, 2011 09:10
Improve Windows 7 SP1 and Vista SP2 Compatibility with Advanced Format Disks

Microsoft has been offering an update designed to improve the compatibility of Windows 7 and Windows Server 2008 R2 with Advanced Format Disks for some time now, and it appears that the company is now offering something similar for Windows Vista and Windows Server 2008.

Well, not an actual update, but a hotfix designed to kick up a notch Vista and Windows Server 2008 compatibility with Advanced Format disks.

In the case of KB 982018, the update is available for Windows 7 RTM and Service Pack 1, as well as for Windows Server 2008 R2 RTM and SP1.

The KB 2553708 hotfix, which went live today, August 12, 2011, comes with support only for Vista SP2 and Windows Server 2008 SP2.

“Advanced Format disks have a 4-KB physical sector size. This hotfix is only for Advanced Format disks that have a 4-KB physical sector size and that emulate a 512-byte interface for logical addressing,” Microsoft explains.

“Advanced Format disks introduce a larger physical sector of 4 KB. However, these disks have a 512-byte interface for logical addressing to make initial versions more compatible with current computer systems. Therefore, these disks are known as "512-byte emulation disks" or as "512e".”

The KB 982018 update for Windows 7 SP1 is designed to resolve no less than five issues – users will find download links at the bottom of this article.
More at :-
http://news.softpedia.com/news/Improve-Windows-7-S...

--
mogs CClip 17
Expert Contributor 15th Aug, 2011 11:31
Hide Open Windows with a Hotkey

No matter the reason, keeping your work private is of utmost importance. Preventing others from viewing what’s going on your desktop can be easily achieved these days just by pressing a keyboard combination. Windows Hider follows that exact principle and what’s more, allows you to group the currently opened windows and thus, hide more of them at a time.

Any computer junkie knows a few ways to make their PC activity invisible. Some keyboard combinations, such as Win+L – to lock the computer, Win+D – to minimize all opened windows to taskbar or setting the taskbar to auto-hide are just a couple of methods to keep your work away from prying eyes. As effective as these are, none of them manages to really hide the applications that are running on your computer, as they would still be visible in the taskbar. If you’re looking for a piece of software that can make it all go away without actually closing the running processes, then Windows Hider is definitely a winner.


Windows Hider by CodeCaged.com
Version reviewed: Windows Hider 1.1.25
Windows Hider is a small utility designed to hide windows, programs, files, folders (all to background, from desktop and taskbar) without closing them instantly by one click or hotkey.

Features:

Hide/Show windows, programs, files, etc by one click or hotkey.
Your sensitive/private information will be safe.
Groups to make easier decision about which windows, programs, files, etc, to hide.
Hotkey for each group

Read more at :-
http://www.softpedia.com/reviews/windows/Windows-H...

--
mogs CClip 18
Expert Contributor 15th Aug, 2011 13:02
Windows Security Praised
Analysis: Think Windows is insecure? You're wrong, says security firm Kaspersky.
By Preston Gralla, Computerworld Aug 14, 2011 8:00 pm

Conventional wisdom has it that Windows and products from Microsoft are extremely unsafe, easy targets for hackers. That conventional wisdom is wrong, according to security firm Kaspersky Lab's recent quarterly malware report, which found not a single Microsoft-related threat in the top ten.

The Kaspersky Lab quarterly report has this to say about Microsoft products:

For the very first time in its history, the top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found in Adobe Flash Player alone. Microsoft products have disappeared from this ranking due to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs.

So if you're running Windows --- especially Windows 7 --- you don't need to worry that you're a sitting duck.

Read more at :-
http://www.pcworld.com/article/238009/windows_secu...

--
mogs CClip 19
Expert Contributor 15th Aug, 2011 15:07
Most SSL Sites Vulnerable


By Sean Michael Kerner

SSL certificates and encryption are supposed to protect websites and users, but there is a catch. For SSL (secure sockets layer) to work properly it needs to be properly configured. According to new research from security firm Qualys presented at the Black Hat security conference last week, the majority of SSL secured sites are not in fact fully secured. The new Qualys research builds on a study that Qualys did last year that found configuration issues with SSL certificates.
"Initially we enumerated all public SSL servers and we looked at how they were configured, but there was always something missing," Ivan Ristic, security researcher at Qualys, told InternetNews.com. "That missing 'thing' was that we wanted to perform a deep analysis of how Web applications are implemented."

Ristic noted that there are many things that can be done incorrectly at the Web application level to negate SSL security. As part of the Qualys study, Ristic analyzed the 300,000 most popular SSL secured sites in the world, looking for SSL related flaws and found a number of SSL flaws including the use of insecure cookies as well as mixing insecure traffic in with secured traffic.

Read more at :-
http://www.esecurityplanet.com/news/article.php/39...

--
mogs CClip 20
Expert Contributor 16th Aug, 2011 08:38
Man reveals secret recipe behind undeletable cookies

New and improved cookie 'respawning' revealed
By Dan Goodin in San Francisco •
Posted in ID, 16th August 2011 04:00 GMT
A privacy researcher has revealed the evil genius behind a for-profit web analytics service capable of following users across more than 500 sites, even when all cookie storage was disabled and sites were viewed using a browser's privacy mode.

The technique, which worked with sites including Hulu, Spotify and GigaOm, is controversial because it allowed analytics startup KISSmetrics to construct detailed browsing histories even when users went through considerable trouble to prevent tracking of the websites they viewed. It had the ability to resurrect cookies that were deleted, and could also compile a user's browsing history across two or more different browsers. It came to light only after academic researchers published a paper late last month.

Read more at :-
http://www.theregister.co.uk/2011/08/16/cookie_res...

--
mogs CClip 21
Expert Contributor 16th Aug, 2011 09:27
Last edited on 16th Aug, 2011 09:28
NSS Labs says IE9 still best for blocking social engineering attacks
by Shaun Nichols

16 Aug 2011

A report from NSS Labs has found Microsoft's Internet Explorer 9 to be the top browser for detecting and blocking social engineering-based malware attacks.
The research firm said that in its independent tests, IE9 was able to detect and block some 99.2 per cent of possible attack sites, far more than other browsers used in the test.

As opposed to "drive by" attacks which exploit software vulnerabilities, social engineering attacks trick users into manually downloading and installing malware payloads. The attacks commonly operate as fake video sites or security tools.
"From a cybercriminal’s perspective, tricking users into downloading and installing malware is a preferred means of attack since the weakness they are exploiting is the naiveté of their victim; this enables criminals to cast a wide net since there are no technology dependencies," the company explained in the report (PDF).


Read more: http://www.v3.co.uk/v3-uk/news/2101995/nss-labs-ie...


--
mogs CClip 22
Expert Contributor 16th Aug, 2011 10:38
Chrome Beta Channel Update
Monday, August 15, 2011 | 17:20
Labels: Beta updates
The Beta channel has been updated to 14.0.835.94 for Windows, Mac, Linux, and Chrome Frame. This release contains fixes for a number of stability issues along with other bugs. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome
http://googlechromereleases.blogspot.com/

--
mogs CClip 23
Expert Contributor 16th Aug, 2011 10:54
Bug Bounties: Why Paying Hackers Makes You Safer
Companies like Google and HP are paying big bucks to people who can find holes in their software.
By Alex Wawro, PCWorld Aug 16, 2011 4:10 am

Would you pay a burglar to break into your own house? Most smart people would probably say no, but smart tech companies are increasingly saying yes. Companies like Google are offering serious rewards to hackers who can find ways to break into their software.

These companies frequently pay thousands of dollars for the discovery of a single bug--enough so that bug hunting can provide a significant income. And on a different, broader level, the hacker who finds the best way to protect Windows applications from being compromised is in line to take home a cool $200,000 from Microsoft in its BlueHat Prize competition.

The companies involved say that the bounty programs make their products safer. "We get more bug reports, which means we get more bug fixes, which means a better experience for our users," says Adam Mein, a security program manager responsible for the Web Application division of Google's Vulnerability Reward Program. "We also develop positive relationships with the researchers who are finding these bugs."

But the programs aren't without controversy. Some companies, notably Microsoft, believe that bounties should only be used to catch bad guys, not to encourage people to find holes. And then there's the issue of double-dipping--the possibility that a hacker might collect a prize for finding a vulnerability, and then sell information on that same exploit to malicious buyers.

More at :-
http://www.pcworld.com/article/238120/bug_bounties...

--
mogs CClip 24
Expert Contributor 16th Aug, 2011 12:24
Windows 7 Connection Drops Intermittently when Using an NVIDIA nForce Network Controller

August 16th, 2011, 09:35 GMT| By Marius Oiaga
Customers running Windows 7 computers equipped with NVIDIA nForce network controllers might be experiencing issues with their network connectivity.

Microsoft confirmed that the NVIDIA nForce network controllers can cause network connection drops in Windows 7, and provided guidance on how users can remedy the situation.

“You have an NVIDIA nForce network controller installed on a computer that is running Windows 7. However, you lose the network connection intermittently. When this issue occurs, the affected network connection is displayed as "limited connection",” the Redmond company explained.

At this point in time the software giant is not providing an update or a hotfix designed to resolve the problem.

Customers need to head over to Microsoft Support and access KB 979464 for details on how to stop their network connectivity from dropping intermittently.

Read more at :-
http://news.softpedia.com/news/Windows-7-Connectio...

--
mogs CClip 25
Expert Contributor 16th Aug, 2011 19:36
Crack Makes SpyEye Free for All
August 16th, 2011, 10:24 GMT| By Lucian Constantin

The builder application for the SpyEye trojan has been cracked prompting fears that the number of infections will spike and botnets will be harder to trace back to their creators.

Along with ZeuS, SpyEye is one of the most sophisticated and popular trojans used by cyber fraudsters to steal online banking credentials and other financial information.

SpyEye appeared as an alternative to ZeuS, the absolute king of online banking trojans, but last year both crimeware toolkits ended up under the supervision of the same developer who planned to merge them together.

According to a recent report from security vendor Trusteer, ZeuS still remains the most widely used crimeware toolkit, particularly because the source code of ZeuS leaked earlier this year which allowed anyone to create new samples.

The company claims that ZeuS infections outnumber SpyEye's four to one, but the latter threat is rapidly gaining market share.

Read more at :-
http://news.softpedia.com/news/SpyEye-Trojan-Build...

--
mogs CClip 26
Expert Contributor 16th Aug, 2011 20:47
2011, 18:01
SOFTWARE DEVELOPER Mozilla has released Firefox 6, bringing a host of treats for developers.
Mozilla's third major Firefox release of 2011 offers improvements to performance, security and stability, but it is perhaps web developers that will be most happy with Firefox 6. Mozilla has added support for more HTML5 elements such as progress and tracking, introducing Server Sent Events while bringing back Websockets.
Like all browser developers, Mozilla has worked on tweaking Firefox's document object model (DOM). There's an extensive list of changes, including support for W3C standard touch events.
Firefox 5 users will be prompted to update to Firefox 6, and while there is very little to visually distinguish Firefox 5 from Firefox 6, users will be urged to upgrade. Earlier Mozilla said it was mulling a move to remove version numbers altogether from Firefox's About dialogue box, but Firefox 6 still proudly displays its vintage.


Read more: http://www.theinquirer.net/inquirer/news/2102251/m...
The Inquirer - Computer hardware news and downloads.

--
mogs CClip 27
Expert Contributor 17th Aug, 2011 20:59
Report: Spam is at a two-year high
Spam - particularly the kind with malicious attachments - is exploding, reaching a two-year high overall, which includes the spike last fall just before the SpamIt operation folded its doors, a security firm says.

By Tim Greene
August 17, 2011 12:42 PM ET
Network World - Spam - particularly the kind with malicious attachments - is exploding, reaching a two-year high overall, which includes the spike last fall just before the SpamIt operation folded its doors, a security firm says.

In fact spam traffic is about double what it was then, according to M86 Security Labs, which monitors spam levels across selected domains.

"After multiple recent botnet takedowns, cybercriminal groups remain resilient clearly looking to build their botnets and distribute more fake AV in the process," the company says in its blog. "It seems spammers have returned from a holiday break and are enthusiastically back to work."

More at :-
http://www.computerworld.com/s/article/9219270/Rep...

--
mogs CClip 28
Expert Contributor 17th Aug, 2011 21:03
Computerworld - Mozilla today released Firefox 6, the second edition since it shifted to a rapid-ship cycle that delivers a new version of the browser every six weeks.

The company also patched 10 bugs with the upgrade, and issued an update to 2010's Firefox 3.6 that fixed seven flaws total, six of them different than the ones quashed in Firefox 6.

Today's release of Firefox 6 was the second time in a row that Mozilla met its self-imposed deadline since the debut of a faster shipping schedule in March. Mozilla has historically struggled to ship browser upgrades on time, but is now 2-for-2 after picking up the pace.

Although Mozilla listed more than 1,600 changes to Firefox 6 in a full bug list, the open-source developer called out only a few in its release notes, among them highlighting domain names in the address bar -- both Chrome and Microsoft's Internet Explorer 9 (IE9) do something similar by boldfacing domain names -- reducing startup time and for developers, adding a JavaScript prototyping tool called Scratchpad.

More at :-
http://www.computerworld.com/s/article/9219245/Moz...

--
mogs CClip 29
Expert Contributor 17th Aug, 2011 21:08
Last edited on 17th Aug, 2011 21:09
Chrome Dev Channel Update
| 16:19
Labels: Dev updates

Update: Chrome for Windows has been pushed to Dev as 15.0.854.0


The Dev channel has been updated to 15.0.854.0 for Mac, Linux, and Chrome Frame. Windows will be updated soon. (It's already showing on mine.....mogs)


All
Updated V8 3.5.5.0
[r96420] Fixed uninstalls for forced install extensions [Issue 86519]
Fixed many known stability issues
Mac
[r96851] New multi-profile UI
[r96393] Fixed bookmark menu translation [Issue 92410]
Linux
[r96518] Fixed import success message when user cancels the import [Issue 88947]
Known Issues
Unable to close tabs in Linux [Issue 93086]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan

--
mogs CClip 30
Expert Contributor 17th Aug, 2011 21:17

Hackers using botnets to bypass Google and map attack victims
by Phil Muncaster


Hackers could be generating more than 80,000 queries a day using botnets as they look to harvest the power of search engines to discover the most vulnerable targets on the web to attack, according to the latest research from Imperva.
The web application security firm revealed in its Hacker Intelligence Initiative report that the attackers use specially crafted search queries known as 'Dorks' or 'Google Dorks' which focus on specific locations or sites to zero in on a potential attack target.

These Dorks are exchanged by hackers on underground forums such as the Google Hacking Database, the firm said.
The search results can then be used by the hackers to identify vulnerabilities and launch attacks to steal or alter data or even compromise company servers.
"The search engines are aware of this abuse of functionality and have implemented various anti-automation techniques, but the figures from the report show that an enormous amount of queries are possible," Imperva chief technology officer Amichai Shulman told V3.


Read more: http://www.v3.co.uk/v3-uk/news/2102153/hackers-bot...


--
mogs CClip 31
Expert Contributor 18th Aug, 2011 10:58
New Mass Injection Attack Infects over 20K Websites

August 17th, 2011, 18:47 GMT| By Lucian Constantin

Researchers from web security vendor Armorize have detected a new mass injection attack that affected over 22,000 websites so far and directs users to drive-by download exploits.

The researchers were able to determine the number of affected domains because the attackers originally forgot a script tag, rendering their code inactive.

This meant that search engine crawlers were able to index the code as regular text and make it searchable, allowing Armorize to find it on over 536,000 unique pages.

The attackers have since fixed their injection and it's fair to assume that at least the 22,000 websites were reinfected with the proper code.

When accessing a page compromised by this attack, visitors are redirected to a website hosting an installation of the BlackHole exploit pack.

BlackHole executes exploits that target vulnerabilities in outdated versions of Java, Adobe Reader, Flash Player and Windows itself.

These types of attacks are called drive-by downloads and are generally completely transparent to victims. If they are successful, malware is downloaded and installed on the targeted computers.

More at :-
http://news.softpedia.com/news/New-Mass-Injection-...

--
mogs CClip 32
Expert Contributor 18th Aug, 2011 12:23
Mozilla says version number removal is a long term goal

Slowly slowly catchy foxy
By Lawrence Latif
Wed Aug 17 2011, 17:37
SOFTWARE DEVELOPER Mozilla has told The INQUIRER that removing version numbers from the Firefox About display is a long-term goal.
Asa Dotzler, director of the Firefox product at Mozilla was the chap who started the thread on Bugzilla that mentioned removal of Firefox version numbers from the About screen. That post generated heated debate, with suggestions that it is simply change for change's sake and it could confuse users trying to look up version numbers in order to troubleshoot problems.
Dotzler told The INQUIRER, "There's been some discussion around removing version numbers from the Firefox 'About' window. Our goal is to avoid confusion and make sure users always have the most current version of Firefox. While that's the long term goal, this change isn't happening overnight. Right now, the version number is available in the Help-Troubleshooting menu."
Yesterday Mozilla released Firefox 6, which displays its version number in both the About box and the Troubleshooting menu. As Dotzler said, it's likely that Mozilla will make the change slowly, though with its rapid release scheme that could be just six weeks until it hits a production release.


Read more: http://www.theinquirer.net/inquirer/news/2102618/m...
The Inquirer

--
mogs CClip 33
Expert Contributor 18th Aug, 2011 12:51
'Related' Browser Add-On: Handy, But at Cost to Privacy
By John P. Mello Jr., PCWorld Aug 17, 2011 7:00 PM

[Image: The Google Related bar is at the bottom of the browser]
A nifty Google browser extension called "Google Related" makes finding associated Web content a snap, but for privacy-minded Web surfers the convenience will come with a hefty cost. The Chrome Web browser extension creates a navigation bar at the bottom of the browser, and as you roll your mouse cursor over the bar Google generates content relevant to what's on the page you're viewing.

Google announced the Web browser extension Tuesday for its Google Chrome Web browser. The Google Related add-on takes the form of a toolbar for Microsoft's Internet Explorer browser. No support for Apple's Safari, Firefox, or Opera Web browser software was announced.

[Image: Google Related images]
I took the Google Related for a spin and liked it. It's easy to see how it can become one of those "must have" extensions. While the content displayed by Related may be limited in volume, it's still valuable for fleshing out the content of a webpage or providing jumping off points for additional searches.

More to read at :-
http://www.pcworld.com/article/238363/related_brow...

--
mogs CClip 34
Expert Contributor 18th Aug, 2011 13:28
IPv6-handling flaw found in Windows 7
By David Meyer, ZDNet UK, 17 August, 2011 15:22

Researchers have found a flaw in the way Windows 7 handles IPv6, one of the key protocols underlying the internet, saying attackers could use the vulnerability to crash PCs.

The security firm Barracuda Labs said on Tuesday that someone would have to make a targeted denial-of-service attack to exploit the vulnerability, but exploitation could cause failure in a PC's network connectivity, applications and sound system.

Microsoft has acknowledged and reported the flaw, but has said it will not patch it in a security update, because exploiting the vulnerability requires local network access.

Read more at :-
http://www.zdnet.co.uk/news/security-threats/2011/...

--
mogs CClip 35
Expert Contributor 18th Aug, 2011 20:31
Security Updates Available for Ruby on Rails

The Ruby on Rails development team has released security updates for several versions of the web application framework in order to address serious vulnerabilities.

The newly released 2.3.14, 3.0.10 and 3.1.0RC6 versions address a SQL injection flaw in the quote_table_name method which could be exploited to inject arbitrary data into the database.


The latest versions for Ruby on Rails can be downloaded from here.
http://news.softpedia.com/news/Security-Updates-Av...

--
mogs CClip 36
Expert Contributor 18th Aug, 2011 20:37

Firefox 9 “First Taste” Available for Download
August 18th, 2011, 14:58 GMT| By Marius Oiaga

Early adopters looking to get the first taste of Firefox 9 can now do just that, provided that they’re ready to download and test a very early development milestone of the open source browser.

Mozilla has started serving a Nightly release of Firefox 9, an equivalent of a pre-alpha Build, if you will.

Having launched Firefox 6 Final officially earlier this week, the open source browser vendor moved onward to developing not just the next version of Firefox, but the additional two following that.

Essentially, Mozilla is now working on Firefox 7, Firefox 8 and Firefox 9 concomitantly, although the focus is placed on the next immediate version.

Firefox 7 is on the brink of graduating to the Beta Channel. It’s just a matter of days before Mozilla will announce the official Firefox 7 Beta. At the same time, Firefox 8 will move into Aurora, and replace Firefox 7.

Mozilla has already migrated Firefox 8 Central to Aurora and Firefox 7 Aurora to Beta, but it has yet to officially announce the new releases.

Speaking of which, Firefox 8 Aurora seems to have already been wrapped up, and is up for grabs via the company’s FTP servers.



Mozilla’s FTP servers are also the place to go for Firefox 9 Nightly. This is, as the label implies, a nightly Build of the browser, designed only for early adopters to run in testing environments. Firefox 9 Nightly should not be deployed into production.

Read more at :-
http://news.softpedia.com/news/Firefox-9-First-Tas...

--
mogs CClip 37
Expert Contributor 19th Aug, 2011 12:07

Download Firefox 7 Beta
August 19th, 2011, 06:52 GMT| By Marius Oiaga

The fully-fledged Beta development milestone of Firefox 7 is now available for download from Mozilla, after a preview release went live earlier this week.

This is the first Firefox 7 testing release out of a series of Beta refreshes which will undoubtedly follow, from now and until the end of September 2011, when Firefox 7 Final is expected to launch.

Since it switched to an overhauled development process and an accelerated release pace, Mozilla has built fewer new features and capabilities into major new iterations of its open source browser.

However, Firefox is still evolving, and Firefox 7 does bring a collection of enhancements to the stable, starting with the traditional stability bug fixes designed to improve reliability.

Firefox 7 sports “drastically improved memory use,” to quote Mozilla. In fact, the open source browser vendor is hoping that Firefox 7 will outperform all its rivals.

Read more at :-
http://news.softpedia.com/news/Download-Firefox-7-...

--
mogs CClip 38
Expert Contributor 19th Aug, 2011 14:57
Microsoft disables 'supercookies' used on MSN.com visitors
New tracking technology a 'colossal privacy gaffe,' researcher says

By Jaikumar Vijayan
August 19, 2011 07:22 AM
Computerworld - Microsoft said it has disabled an online tracking technology that, according to a Stanford University researcher, allowed the company to sneakily track users on MSN.com -- even after they deleted their browser cookies and other identifiers.

In an emailed comment Thursday, Mike Hintze, Microsoft's associate general counsel, said the company took "immediate action" when it learned about the presence of so-called "supercookies" on its networks from Stanford University researcher Jonathan Mayer.

Read more at :-
http://www.computerworld.com/s/article/9219312/Mic...

--
mogs CClip 39
Expert Contributor 19th Aug, 2011 15:02

Koobface Spreads via Torrents

August 19th, 2011, 09:58 GMT| By Lucian Constantin
Security researchers have identified a new version of the Koobface worm which uses the global torrent network instead of social networking websites to spread.

Dating back to July 2008, Koobface is one of the oldest and most successful computer worms that are still active to this day. Its original variants targeted MySpace and Facebook, but it later expanded to other social networking websites.

One particularly interesting aspect of Koobface is the determination of its creators and their innovative detection evasion techniques.

Koobface has seen many improvements over the years and is a fairly sophisticated piece of malware that's most likely maintained by more than one developer.

Despite its success, the worm suddenly stopped spreading on Facebook back in February, a decision that baffled security researchers.

In April security experts from FireEye reported that Koobface was still serving as a distribution platform for other malware and that its command and control servers were still operational.

Judging by a new sample found recently by security researchers from Trend Micro, it seems that all these months the worm's creators were working on a new propagation routine.

The new version bundles version 2.2.1 of the uTorrent client which runs hidden in the background to seed trojanized torrents.

These torrents pose as cracked versions of popular applications or games like Silent Scream: The Dancer, Dark Ritual, Celtic Lore: Sidhe Hills, Adobe Lightroom, SystemCare, WinRAR, and others.

More at :-
http://news.softpedia.com/news/Koobface-Spreads-vi...

--
mogs CClip 40
Expert Contributor 19th Aug, 2011 17:28

Critical Vulnerabilities Patched in PHP
August 19th, 2011, 14:19 GMT| By Lucian Constantin

The PHP development team has released PHP 5.3.7 in order to address critical security vulnerabilities and patch a large number of other bugs that affect its stability.

The new version fixes a number of six security flaws including two that could be exploited to execute arbitrary code on underlying systems.
More and download at :-
http://news.softpedia.com/news/Critical-Vulnerabil...

--
mogs CClip 41
Expert Contributor 19th Aug, 2011 17:34
Windows 8 vs. webOS, It Could Have Been Epic
August 19th, 2011, 14:37 GMT| By Marius Oiaga

For a minute, it appeared that Windows 8 would have a bit of extra competition in 2012 from newcomer webOS, a platform that Hewlett Packard was planning to ship on its TouchPad tablet, new smartphones as well as on every PC, pre-installed alongside Windows.

Now HP just announced that it’s not only killing all operations for webOS devices while also essentially shelving webOS, although the wording is more in the line of exploring strategic alternatives for the operating system, but that it’s considering ditching its PC business altogether.

HP is the current king of the PC market, with shipments of 14.8 million units in the second quarter of this year, and 14.7 in Q1. Considering that it owns approximately 17.5% of the computer market, HP’s exit from the PC business, even if only a “rough draft” for the time being, is bound to have repercussions on Windows.

Read more at :-
http://news.softpedia.com/news/Windows-8-vs-webOS-...

--
mogs CClip 42
Expert Contributor 19th Aug, 2011 20:16
Fix Incorrect Results in the Windows 7 Search Box

August 19th, 2011, 15:50 GMT| By Marius Oiaga
The search box in Windows 7 can return incorrect results when users search for programs and files, Microsoft revealed.

The software giant explained that the issue has been reported by customers running Windows 7, as well as by those leveraging Windows Server 2008 R2.

The Search programs and files box under the Windows 7 Start Menu drastically streamlines the search process, and it’s the best way to find anything from applications and files to control panel options, but also additional items.

But it appears that in certain scenarios the results returned to user queries are not exactly what customers are looking for.

“On a computer that is running Windows 7 or Windows Server 2008 R2, you try to search for an item on the computer by using the Search programs and files box,” the software giant said.

“However, the search results are not displayed correctly. Only the category headings of the categorized search results are displayed, such as Programs, Control Panel, and Documents. Additionally, if you click the displayed category headings, nothing happens.”

Microsoft explained that restarting the computer will not make this issue go away.
Read more at :-
http://news.softpedia.com/news/Fix-Incorrect-Resul...

--
mogs CClip 43
Expert Contributor 20th Aug, 2011 12:06

Adobe and Oracle Products Responsible for Most Common Unpatched Vulnerabilities

August 19th, 2011, 19:22 GMT| By Lucian Constantin

According to a report from antivirus vendor Kaspersky Lab, the most common unpatched vulnerabilities detected on people's computers are in Adobe and Oracle products.

At the top of the list is the SING 'uniqueName' buffer overflow vulnerability (CVE-2010-2883) which affects older versions of Adobe Reader and Acrobat.

This vulnerability is rated extremely critical and was patched last October in Adobe Reader 8.2.5 and 9.4. Adobe Reader X, the latest version of the product is not affected.

The presence of this vulnerability on people's machines suggests that despite Adobe's efforts to improve its updating process, users still fail to deploy patches.

This means that it might be a while until the majority of users upgrade to Adobe Reader X which features sandboxing technology.

Adobe Reader X users are protected from the vast majority of exploits even if their version of the product is theoretically vulnerable.

The second most common vulnerabilities according to Kaspersky are located in Oracle's Java and they were patched in February. Java is a real problem, not only because it is outdated on people's systems, but because it is a favorite target for attackers.

Practically all drive-by download toolkits have one or several Java exploits incorporated. Users should disable the Java browser plug-in if they don't remember ever using it.
More at :-
http://news.softpedia.com/news/Adobe-and-Oracle-Un...

--
mogs CClip 44
Expert Contributor 20th Aug, 2011 17:05
Last edited on 20th Aug, 2011 17:05
Q I have a Windows 7 PC with Internet Explorer 9. I would like to have more than one Hotmail account open at the same time.
However, when I try to log in to a second Hotmail account in a separate tab, I find that it opens to display the inbox of the first account. Is there any way around this problem?
Harry Sampson
A Because of the way Hotmail uses cookies, opening a second Internet Explorer tab to view a second instance of the webmail service displays the inbox of the first logged-in user account.
However, you can get around this by launching a new Internet Explorer ‘session’, as this isolates the processes that create this problem.
It does mean having more than one Internet Explorer window open – one for each Hotmail account – but it will allow you to log in and view multiple inboxes. It’s easy to do: tap the Alt key to make the menu bar appear then open the File menu and choose New Session.


Read more: http://www.computeractive.co.uk/ca/pc-help/2093816...


--
mogs CClip 45
Expert Contributor 20th Aug, 2011 17:11

Socitm warns public sector sites face uphill task with cookie law compliance
by Phil Muncaster

19 Aug 2011

Local authorities across the UK face an uphill task to comply with new laws which came into effect on 26 May demanding that user consent is sought by all web sites wishing to download cookies to their machines, according to Socitm.
The public sector IT manager organisation audited all local authorities, as well as other public service organisations including police and passenger transport executives, in a snapshot of 603 web sites.
Socitm found that all but six have cookies which require compliance action, and that the average number for each site was 32 and the largest number found on a single site was 1,346.
The Information Commissioner's Office, which is responsible for enforcing the new legislation, has given organisations a year to comply, but it may take longer than web owners think, warned Martin Greenwood, programme director for Socitm Insight.


Read more: http://www.v3.co.uk/v3-uk/news/2103190/socitm-warn...


--
mogs CClip 46
Expert Contributor 20th Aug, 2011 17:25

Google Maps Is Available in 40 More Countries via a Local Domain

August 20th, 2011, 12:30 GMT| By Lucian Parfeni
Google has announced that it is expanding the number of local domains for Google Maps. In one fell swoop, Google has added over 40 new domains for the site, making it easier for people around the world to use the mapping tool and get results catering to their location.

"Back in 2005 we started with one domain, .com, and now almost six years later we are happy to announce today that we are adding more than 40 new domains on Google Maps," Google's Jarda Bengl writes.

"In total we have more than 130 countries with their customized maps domains and we support 60+ user interface languages," Google said.

With this expansion, Google Maps is available in most of the places where Google has a local presence, in the form of a dedicated website with a national domain name.

More at :-
http://news.softpedia.com/news/Google-Maps-Is-Avai...

--
mogs CClip 47
Expert Contributor 20th Aug, 2011 17:30
Firefox 8 Aurora Brings Better Add-on Control, Tab Animations and Memory Usage Improvements

August 20th, 2011, 12:00 GMT| By Lucian Parfeni

Firefox 8 is now available in the Aurora channel, the most experimental channel not dedicated to developers exclusively. The latest Firefox comes with several new features and tweaks.

One big change in Firefox 8, which we've highlighted previously, is blocking add-ons installed by third-parties and not via Firefox. These add-ons have always caused problems and Mozilla wants to make sure that users are more informed when installing them.

"The latest experimental additions to Firefox Aurora for Windows, Mac and Linux streamline the user interface and give users more control when managing third-party add-ons," Mozilla announced.

Read more at :-
http://news.softpedia.com/news/Firefox-8-Aurora-Br...

--
mogs CClip 48
Expert Contributor 21st Aug, 2011 08:29
Windows 8 Pre-Release Will Not Be a Secret, Promises Microsoft.
August 20th, 2011, 15:23 GMT| By Marius Oiaga

The number of testers with access to pre-release copies of Windows 8 is bound to increase as the development process moves forward and approaches the Beta stage.

Microsoft has confirmed that it will deliver the first deep insight into Windows 8 in mid-September 2011 at its BUILD Windows conference, and the software giant is also expected to share a pre-release Build at least with participants, if not with as many testers as possible.

Piles of interim Builds of Windows 8 have already been compiled, with a number of releases even served to early adopters outside of Redmond.

In addition to such testers, Microsoft employees have also been dogfooding early development milestones of Windows 8, per the software giant’s “eating one’s own dog food” tradition.

The problem thus far is related to the extremely limited access to pre-release Builds of Windows 8.

With the BUILD event now sold out and just a few weeks away, the Windows 8 communications strategy is moving into its next phase. Case in point: the new Building Windows 8 Blog and @BuildWindows8 Twitter account.

More at :-
http://news.softpedia.com/news/Windows-8-Pre-Relea...

--
mogs CClip 49
Expert Contributor 22nd Aug, 2011 07:30
Sneaky tracking code (finally) purged from Microsoft sites

'Supercookies' eluded user privacy choices
By Dan Goodin in San Francisco • 22nd August 2011 04:15 GMT
Microsoft has deleted code on its MSN website that secretly logged visitors' browsing histories across multiple web properties, even when the users deleted browser cookies to elude tracking.

Microsoft announced the move in a tersely worded blog post published on Thursday. That's the same day that a researcher revealed that MSN and three other Microsoft websites hosted JavaScript that uniquely identified users in the event they deleted tracking cookies from their hard drives. The code was copyrighted in 2007, indicating the practice may have been in place for more than four years.

To survive the cookie purges that many users perform to preserve their privacy, the JavaScript was stashed in a browser's cache folder and contained two separate means to uniquely identify visitors. First, it included the MUID, or machine unique identifier, contained in the tracking cookie, along with instructions to recreate the file in the event it was no longer found in the browser's cookie folder. The script also included the MUID in what's known as an ETag that was also stored in the cache

More at :-
http://www.theregister.co.uk/2011/08/22/microsoft_...

--
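An added example (not from the article and not Microsoft's code) of auditing for the ETag behaviour described in the post above: it checks a constructed two-visit capture for cache validators that carry a cookie's identifier and for cookies that come back with the same value after being cleared. Only the cookie name MUID is taken from the article; the host names, identifier values and function names are assumptions.

```javascript
// Constructed capture (not real traffic): two visits to the same pages, with
// cookies cleared between visit 1 and visit 2 while the HTTP cache was kept.
const capture = [
  { visit: 1, url: "https://tracker.example/id.js", request: {},
    response: { etag: '"a3f9c2d17b604e58"',
                "set-cookie": "MUID=a3f9c2d17b604e58; Path=/" } },
  { visit: 1, url: "https://static.example/app.css", request: {},
    response: { etag: 'W/"5d8c72-1a2b"' } },
  { visit: 1, url: "https://shop.example/", request: {},
    response: { "set-cookie": "sid=1111aaaa2222bbbb; Path=/" } },
  // Visit 2: no Cookie header is sent, but the cache still revalidates.
  { visit: 2, url: "https://tracker.example/id.js",
    request: { "if-none-match": '"a3f9c2d17b604e58"' },
    response: { "set-cookie": "MUID=a3f9c2d17b604e58; Path=/" } },
  { visit: 2, url: "https://static.example/app.css",
    request: { "if-none-match": 'W/"5d8c72-1a2b"' }, response: {} },
  // Control: a fresh session id after clearing is normal, not a respawn.
  { visit: 2, url: "https://shop.example/", request: {},
    response: { "set-cookie": "sid=9999cccc8888dddd; Path=/" } },
];

const MIN_ID_LENGTH = 8; // ignore short values that could match by chance

function hostOf(url) {
  return new URL(url).host;
}

// Return { name, value } from a Set-Cookie header, or null if malformed.
function parseSetCookie(header) {
  if (!header) return null;
  const pair = header.split(";")[0];
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim() };
}

// Strip the weak-validator prefix and the surrounding quotes from an ETag.
function normalizeEtag(raw) {
  if (!raw) return null;
  return raw.trim().replace(/^W\//, "").replace(/^"|"$/g, "");
}

// Collect, per host, every sufficiently long cookie value the host has set.
function cookieValuesByHost(entries) {
  const byHost = new Map(); // host -> Map(value -> cookie name)
  for (const e of entries) {
    const c = parseSetCookie(e.response["set-cookie"]);
    if (!c || c.value.length < MIN_ID_LENGTH) continue;
    const host = hostOf(e.url);
    if (!byHost.has(host)) byHost.set(host, new Map());
    byHost.get(host).set(c.value, c.name);
  }
  return byHost;
}

// Flag resources whose ETag (or echoed If-None-Match) embeds a cookie value
// set by the same host: the validator then works as a second identifier.
function findEtagIdentifiers(entries) {
  const known = cookieValuesByHost(entries);
  const seen = new Set();
  const findings = [];
  for (const e of entries) {
    const tag = normalizeEtag(e.response.etag || e.request["if-none-match"]);
    const values = known.get(hostOf(e.url));
    if (!tag || !values) continue;
    for (const [value, name] of values) {
      const key = e.url + "|" + name;
      if (tag.includes(value) && !seen.has(key)) {
        seen.add(key);
        findings.push({ url: e.url, cookie: name, etag: tag });
      }
    }
  }
  return findings;
}

// Flag cookies that return with an identical value on a later visit even
// though the browser sent no Cookie header, i.e. the value was restored.
function findRespawnedCookies(entries) {
  const firstSeen = new Map(); // "host|name=value" -> visit number
  const findings = [];
  for (const e of entries) {
    const c = parseSetCookie(e.response["set-cookie"]);
    if (!c) continue;
    const key = hostOf(e.url) + "|" + c.name + "=" + c.value;
    const validator = normalizeEtag(e.request["if-none-match"]);
    if (firstSeen.has(key) && firstSeen.get(key) < e.visit && !e.request.cookie) {
      findings.push({ url: e.url, cookie: c.name, value: c.value,
                      viaEtag: Boolean(validator && validator.includes(c.value)) });
    }
    if (!firstSeen.has(key)) firstSeen.set(key, e.visit);
  }
  return findings;
}

console.log("ETags carrying an identifier:", findEtagIdentifiers(capture));
console.log("Cookies restored after clearing:", findRespawnedCookies(capture));
```
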
mogs CClip 50
Expert Contributor 22nd Aug, 2011 07:47
Microsoft Hunts Bugs with Variation on Bounty
By George V. Hulme, CSO Aug 21, 2011 3:27 pm

Bug bounty programs are designed to reward security researchers for finding flaws in a vendor's product that have made it past their own quality processes. Some organizations, such as Google and Mozilla, have had bug bounty programs in place for a time, while social networking site Facebook just announced a bug bounty program with a base reward of $500.

Microsoft, however, isn't interested in paying for help for one-off software vulnerabilities. The software vendor instead is swinging for the fence: Getting help from the security research community in exterminating entire classes of bugs. That was the message at the recent Black Hat security conference, with its announcement of the "BlueHat" Prize. The contest promises a first-place award of $200,000 to security researchers who come up with "a novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities." Second prize will win $50,000.

More at :-
http://www.pcworld.com/article/237653/microsoft_hu...

--
mogs CClip 51
Expert Contributor 22nd Aug, 2011 09:08
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Windows 7 SP2 to Deal with Intel Core and Xeon CPUs Reliability Issues

August 22nd, 2011, 06:51 GMT| By Marius Oiaga
The second upgrade for Windows 7 will address reliability problems that customers running the RTM and SP1 versions of the OS have experienced in some scenarios on machines running Intel Core and Xeon CPUs.

According to Microsoft, the issues are limited to a small number of users, the reason why the company has not released an update to all customers.

Windows 7 Service Pack 1 and RTM as well as Windows Server 2008 R2 RTM and SP1 are affected by reliability glitches, the software giant said, but only when the platforms are paired with older releases of Intel processors, such as the chips belonging to the Core and Xeon families launched in 2006 and 2008.

“These issues are not common. These issues might affect processors that meet all the following conditions:

Read more at :-
http://news.softpedia.com/news/Windows-7-SP2-to-De...

--
mogs CClip 52
Expert Contributor 22nd Aug, 2011 22:16
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

AUGUST 22, 2011
'Zombie cookies' won't die: Microsoft admits use, HTML5 looms as new vector
Despite lawsuits, bad publicity, and Adobe's promise to end their use in Flash, zombie cookies persist and could find a new host in HTML5
By Woody Leonhard | InfoWorld

One year ago this week, I wrote about zombie cookies, describing how Disney, MySpace, and NBC Universal had just been sued for using zombie cookies to track people even if they have gone to great lengths to disable, block, or delete cookies. Seven months ago, I mentioned that Adobe had taken up the pitchfork and vowed to make Flash zombie cookies a thing of the past.

So it's pretty shocking that Jonathan Mayer, a Stanford researcher, caught Microsoft using both a cache-based zombie cookie and a more advanced type of persistent "supercookie" to track folks even if they blocked or deleted browser cookies. Microsoft surreptitiously tracked users who had the temerity to visit MSN.com (in the United States, Canada, and Spain), the U.S. English home page of www.microsoft.com, or the Microsoft Store.

Perhaps even scarier, as HTML5 gains traction: Its local storage is a great feature, but one wide open for abuse for such items as zombie cookies. And Internet Explorer's InPrivate Browsing, Firefox's Private Browsing, and Chrome's Incognito browsing modes won't protect you from the ETag form of zombie cookies or from HTML5-based zombies.

More at :-
http://www.infoworld.com/t/internet-privacy/zombie...

--
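An audit for the cache-based identifier described in the two Microsoft cookie clips above, as an added example that is not part of the quoted articles or of any site's own code. A browser echoes a cached resource's ETag back in If-None-Match when it revalidates, so an ETag that carries a cookie value or differs per visitor survives a cookie purge. The captures, host names, identifier values and function names are constructed assumptions.

```python
"""Audit captured HTTP exchanges for ETag values that behave like visitor IDs."""
import hashlib
from http.cookies import SimpleCookie

MIN_ID_LEN = 8  # assumption: shorter cookie values are too generic to match on


def cookie_values(set_cookie):
    """Values of the cookies set by one Set-Cookie header (long ones only)."""
    jar = SimpleCookie()
    jar.load(set_cookie or "")
    return {m.value for m in jar.values() if len(m.value) >= MIN_ID_LEN}


def normalize_etag(etag):
    """Strip the weak-validator prefix and the surrounding quotes."""
    etag = (etag or "").strip()
    if etag.startswith("W/"):
        etag = etag[2:]
    return etag.strip('"')


def audit(captures):
    """captures: {profile: [exchange, ...]} -> {url: set of reasons}."""
    findings = {}
    seen = {}  # url -> [(body digest, etag), ...] across all profiles
    for exchanges in captures.values():
        for ex in exchanges:
            etag = normalize_etag(ex.get("etag"))
            if not etag:
                continue
            # Check 1: the validator repeats an identifier the site also
            # stores in a cookie, so deleting the cookie does not remove it.
            for value in cookie_values(ex.get("set_cookie")):
                if value.lower() in etag.lower():
                    findings.setdefault(ex["url"], set()).add(
                        "etag-embeds-cookie-value")
            digest = hashlib.sha256(ex["body"]).hexdigest()
            seen.setdefault(ex["url"], []).append((digest, etag))
    # Check 2: byte-identical bodies should share one validator; a different
    # ETag per fresh profile means the ETag encodes the visitor, not the file.
    for url, observations in seen.items():
        etags_by_body = {}
        for digest, etag in observations:
            etags_by_body.setdefault(digest, set()).add(etag)
        if any(len(etags) > 1 for etags in etags_by_body.values()):
            findings.setdefault(url, set()).add(
                "etag-varies-for-identical-body")
    return findings


def _ex(url, body, etag, set_cookie=""):
    return {"url": url, "body": body, "etag": etag, "set_cookie": set_cookie}


# Constructed sample: the same two URLs fetched from two fresh profiles.
_JS = b"/* constructed stand-in for a cached tracking script */"
_CSS = b"body{margin:0}"
_CSS_ETAG = '"%s"' % hashlib.sha256(_CSS).hexdigest()[:16]
_ID_1 = "0A1B2C3D4E5F60718293A4B5C6D7E8F9"
_ID_2 = "9F8E7D6C5B4A39281706F5E4D3C2B1A0"

CAPTURES = {
    "fresh_profile_1": [
        _ex("https://tracker.example/id.js", _JS,
            '"%s"' % _ID_1.lower(), "MUID=%s; path=/" % _ID_1),
        _ex("https://static.example/site.css", _CSS, _CSS_ETAG),
    ],
    "fresh_profile_2": [
        _ex("https://tracker.example/id.js", _JS,
            '"%s"' % _ID_2.lower(), "MUID=%s; path=/" % _ID_2),
        _ex("https://static.example/site.css", _CSS, _CSS_ETAG),
    ],
}

if __name__ == "__main__":
    for url, reasons in sorted(audit(CAPTURES).items()):
        print(url, sorted(reasons))
```

The second check can also fire on a load-balanced site whose back ends derive ETags from per-server file metadata, so treat it as a lead to inspect rather than proof of tracking.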
mogs CClip 53
Expert Contributor 22nd Aug, 2011 22:18
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
McAfee defends against Kaspersky's Shady RAT alarmist jibe

Blasphemy against the Virus Pope
By Lawrence Latif
Mon Aug 22 2011, 15:12
INSECURITY OUTFIT McAfee has called out self-titled 'Virus Pope' Eugene Kaspersky for calling Shady RAT a botnet.
Kaspersky weighed in on Shady RAT, claiming that McAfee didn't do the right thing by going public about the long-running intrusion into networks of governments, companies and non-profit organisations and that the move was alarmist. Now McAfee's Phyllis Schneck, VP and CTO of McAfee's Global Public Sector division has said that Kaspersky is "missing the point".


Read more: http://www.theinquirer.net/inquirer/news/2103489/m...
The Inquirer

--
mogs CClip 54
Expert Contributor 23rd Aug, 2011 10:01
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
PHP users warned to stay away from latest update

5.3.7 marred by serious crypto bug
By Dan Goodin in San Francisco
Posted in Enterprise Security, 22nd August 2011 20:26 GMT
Maintainers of the PHP scripting language are urging users to avoid an update released last week that introduces a serious bug affecting some cryptographic functions.

The flaw in version 5.3.7 involves the crypt() function used to cryptographically hash a text string. When using the command with the MD5 algorithm and some salt characters to help randomize the resulting hash value, the program returns only the salt, instead of the salted hash. The bug doesn't appear to affect the crypt() function when the DES or Blowfish algorithms are used.

“If crypt() is executed with MD5 salts, the return value consists of the salt only,” a bug report published on Wednesday stated. “DES and Blowfish salts work as expected.”

Despite the advisory, PHP maintainers released the update the following day. It fixed several security vulnerabilities, including a buffer overflow flaw on overlong salt in the crypt() function.

More at
http://www.theregister.co.uk/2011/08/22/php_securi...

--
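What the salt-only return value means for stored password hashes, as an added example that is not part of the quoted article or of PHP itself. It models the reported behaviour in Python with a stand-in digest (not the real MD5-crypt algorithm) and scans account rows for hashes written while the bug was live; the trailing "$" on the salt-only value, the function names and the sample rows are assumptions.

```python
"""Model of the PHP 5.3.7 crypt() MD5 regression and a scan for its leftovers."""
import hashlib
import hmac
import re

ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_CH = r"[./0-9A-Za-z]"
# MD5-crypt layout: "$1$" + salt (up to 8 chars) + "$" + 22-char digest.
FULL_MD5_CRYPT = re.compile(r"\$1\$%s{0,8}\$%s{22}" % (_CH, _CH))
SALT_ONLY = re.compile(r"\$1\$%s{0,8}\$?" % _CH)


def model_crypt(password, setting, buggy=False):
    """Model of crypt() called with an MD5 ("$1$") setting string.

    buggy=True reproduces the reported 5.3.7 result: the salt, no digest.
    The digest for buggy=False is a stand-in, NOT real MD5-crypt.
    """
    m = re.match(r"\$1\$(%s{0,8})" % _CH, setting)
    if m is None:
        raise ValueError("not an MD5 ($1$) setting")
    prefix = "$1$%s$" % m.group(1)
    if buggy:
        return prefix
    raw = hashlib.sha256(prefix.encode() + password.encode()).digest()
    return prefix + "".join(ALPHABET[b % 64] for b in raw[:22])


def verify(password, stored, buggy=False):
    """The usual check: re-run crypt() with the stored value as the setting."""
    try:
        computed = model_crypt(password, stored, buggy)
    except ValueError:
        return False
    return hmac.compare_digest(computed, stored)


def classify(stored):
    """Label one stored hash: 'md5-crypt', 'salt-only' or 'other'."""
    if FULL_MD5_CRYPT.fullmatch(stored):
        return "md5-crypt"
    if SALT_ONLY.fullmatch(stored):
        return "salt-only"  # no digest: written by the broken crypt()
    return "other"


def salt_only_accounts(rows):
    """Accounts whose stored hash must be reset after moving off 5.3.7."""
    return [user for user, stored in rows if classify(stored) == "salt-only"]


# Constructed account table: one hash from a working runtime, one written
# while the bug was live, one in another scheme (placeholder value).
ROWS = [
    ("alice", model_crypt("correct horse", "$1$Ab3dEf9h$")),
    ("bob", model_crypt("s3cret", "$1$Zz.91xQp$", buggy=True)),
    ("carol", "$2a$10$" + "x" * 53),
]

if __name__ == "__main__":
    for user, stored in ROWS:
        print(user, classify(stored))
    # On the broken runtime a good hash never matches (lockout) ...
    print(verify("correct horse", ROWS[0][1], buggy=True))
    # ... and a salt-only record matches whatever is typed.
    print(verify("literally anything", ROWS[1][1], buggy=True))
```

In this model a salt-only record stops matching any password once crypt() is fixed, so the affected accounts need a password reset.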
mogs CClip 55
Expert Contributor 23rd Aug, 2011 10:12
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Stable Channel Update for Chromebooks
Monday, August 22, 2011 | 20:43
Labels: Chrome OS, Stable updates
The Google Chrome team is happy to announce the release of Chrome 13.0.782.216 (Platform version: 587.126) on the Stable Channel for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).

Highlights:
Several Chrome security fixes. See blog post for details.
If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon.

Danielle Drew
Google Chrome

Stable Channel Update
| 14:43
Labels: Stable updates

The Chrome Stable channel has been updated to 13.0.782.215 for all platforms. This release contains the following security fixes.


Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$1000] [Windows only] [72492] Medium CVE-2011-2822: URL parsing confusion on the command line. Credit to Vladimir Vorontsov, ONsec company.
[82552] High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz.
[$1000] [88216] High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz.
[88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus independent later discovery by miaubiz.
[$1000] [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
[$1000] [87453] High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov.
[$1337] [Windows only] [89836] Critical CVE-2011-2806: Memory corruption in vertex handing. Credit to Michael Braithwaite of Turbulenz Limited.
[$1000] [90668] High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz.
[91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined).
[$1500] [32-bit only] [91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov.
[$1000] [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. Credit to Aki Helin of OUSPG.
The full list of changes is available in the SVN revision log. Interested in switching to another? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

--
mogs CClip 56
Expert Contributor 23rd Aug, 2011 11:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
What does the 'website scripts not responding' error message mean?
A problem with Firefox could be caused by a faulty add-on
Computeractive staff PC help Web 23/08/2011


Working in Firefox's Safe Mode should help identify the problem
Q I use Firefox and I keep getting messages that say a ‘script is not responding’. How do I sort this out?
James Ducan
A We don’t have a lot to go on but the most common causes of this problem are errors contained within website scripts or one or more faulty add-ons.
We think it’s safe to assume that these script-error messages are happening on more than just the one website. As a first course of action we’d advise using Firefox’s Safe Mode option to disable all add-ons to see if this eliminates the problems.
To do this in Firefox 4, click the Firefox button, point to Help and then choose Restart With Add-ons Disabled. Alternatively, hold down the Shift key while launching Firefox.
In earlier versions of the browser, click Start then point to All Programs followed by Mozilla Firefox and click Firefox (Safe Mode).
In all cases, Firefox will launch by displaying its Safe Mode dialogue box (this has nothing whatsoever to do with Windows’ own Safe Mode).
This dialogue box has several options but the one we’re interested in is the top one, ‘Disable all add-ons’, so click to tick it and then click the Continue in Safe Mode button.
Now try surfing for a while, being sure to visit any websites that have previously led to script-error messages. If all is well, then it is fair to conclude that an ill-behaved add-on is indeed the cause of your frustration.
The job now is to find the perpetrator – and this will be a case of trial and error. To begin, restart Firefox so it is no longer in Safe Mode. Now click Tools and choose Add-ons. In the Extensions dialogue box, open the Tools menu and choose Disable All.
Now reactivate just one add-on by clicking its entry in the list below and clicking Enable followed by Restart Firefox. Again, try surfing to see if script errors occur. Then, rinse and repeat. If you have a lot of add-ons, this could take a while.
By doing this, we think you will probably finger one or more add-ons as the cause of the problem. Either disable or uninstall these (via the Extensions dialogue box discussed earlier) or check the relevant developers’ websites to see if there are any known issues or updates


Read more: http://www.computeractive.co.uk/ca/pc-help/2093746...


--
mogs CClip 57
Expert Contributor 23rd Aug, 2011 13:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Google's stealth updates: Why no one else gets away with it
How has Google managed to get users to accept its patches while other software vendors' updates are ignored or condemned?
By Roger A. Grimes | InfoWorld


Google has a big advantage over competitors when it comes to pushing out patches for Chrome and other software products: The company can, by default, automatically update users' systems on Windows and Apple platforms. That's good for Google and for users in that it ensures people are running the newest, most secure version of the company's wares, which in turn helps to keep Google off top 10 lists of vendors with the most exploitable software. But Google seems to be the exception to the rule, and dealing with unpatched software remains a huge issue for the industry.

According to Kaspersky Lab, for example, Adobe and Java software now accounts for all 10 of the most popular successful exploits. Yet most of the holes discovered in those offerings are patched relatively quickly after public disclosure; it's just that people aren't downloading the patches. According to Zscaler's latest "State of the Web" security report, for example, more than 56 percent of enterprise Adobe Reader users are running an outdated version. This trend is not overly different for many of the world's most popular applications.

For example, according to Microsoft (my full-time employer), only 3 percent of Microsoft Office exploits targeted vulnerabilities that had been patched in the preceding year; put another way, 97 percent of exploits targeted vulnerabilities for which patches had been available for a year or more. Fifty-six percent of successful exploits were against systems that had not patched Office 2003 since the day it was installed; more than five years had gone by without a single patch.

Read more at :-
http://www.infoworld.com/d/security/googles-stealt...

--
mogs CClip 58
Expert Contributor 23rd Aug, 2011 17:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Skype Disputes Severity of XSS Vulnerability

August 23rd, 2011, 13:57 GMT| By Lucian Constantin

Skype disputes the severity of a new cross-site scripting vulnerability identified in its VoIP client and claims that it cannot be used to do more than change the appearance of text.

The vulnerability was discovered by an Armenian security researcher named Levent Kayan, aka noptrix, who recently identified similar flaws in instant messaging clients.

"Skype suffers from a persistent code injection vulnerability due to a lack of input validation and output sanitization of following profile entries: home, office, mobile," the researcher explains in his advisory.

An attacker can exploit the vulnerability to inject HTML or JavaScript code into a Skype profile with yet-to-be determined consequences. At the very least, an attacker could include a malicious link and encourage users to click on it.



Skype claims that the bug's impact is very limited and has little to no security implications. "We have had this reported to us by various media outlets and have confirmed that the person is mistaken, this is not a web window and while it does cause a phone number to be underlined, does nothing other than this" a spokeswoman said.

Read more at :-
http://news.softpedia.com/news/Skype-Disputes-Seve...

--
mogs CClip 59
Expert Contributor 23rd Aug, 2011 17:13
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Fix Windows 7, Vista SP2 and XP Application Incompatibility Problems via Update
August 23rd, 2011, 13:33 GMT| By Marius Oiaga

Customers can turn to a resource provided by Microsoft if they need help to deal with application incompatibility problems irrespective of the version of Windows they’re running.

KB 2388210 has been around for a while now, but it’s still an excellent source of links for a variety of application compatibility updates offered by the Redmond company for Windows releases that continue to enjoy support.

According to the software giant, customers running Windows XP Professional x64 edition, Windows Server 2003 Service Pack 2 (SP2), Windows Vista SP2, Windows Server 2008, Windows Server 2008 SP2, Windows 7, Windows Embedded Standard 7 and Windows Server 2008 R2.

Essentially, all customers running a variant of the operating system preceding Windows 7 SP1 or Windows Server 2008 R2 SP1 and running into incompatibility issues can take advantage of the app compatibility refreshes.

“Install this update to resolve a set of known application compatibility issues with Windows,” the company said. “Microsoft regularly releases application compatibility updates for these Windows operating systems.”

Microsoft indicates that KB 2388210 comes to replace a range of application compatibility updates released for Windows, covering mainly Windows 7 and Vista. I have included the download links provided by Microsoft at the bottom of this article.

It’s important to note that customers will come across more incompatibility issues moving forward. As Windows 7 is embraced by more and more users worldwide, software developers will see less and less value in adapting their software to also work on Windows Vista and Windows XP.

This trend will only accelerate over the next few years, leaving those customers that decide to stick with XP and Vista until the end to deal with more compatibility glitches.

Here are the download links for KB 2388210:
See full article at :-
http://news.softpedia.com/news/Fix-Windows-7-Vista...

--
mogs CClip 60
Expert Contributor 23rd Aug, 2011 17:20
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Download Opera 11.51 Release Candidate 1 (RC1)
August 23rd, 2011, 11:56 GMT| By Marius Oiaga

Opera 11.51 is an interim update that Opera Software will release ahead of launching the next major version of its browser, Opera 12.0 codenamed Wahoo.

Early adopters can already download the first Release Candidate (RC) of Opera 11.51, an update to Opera 11.50 which was developed under the codename Swordfish.

According to Ruarí Ødegaard from the Opera Desktop Team, Opera 11.51 is designed to bring to the table a collection of fixes for bugs affecting Opera 11.50 users.

“Whilst we continue work towards Opera 12.00 (Wahoo), there are some important bugs we need to fix in the 11.50 (Swordfish) line. Hence there will be an 11.51 maintenance/stability release between 11.50 and 12.00,” Ødegaard revealed.

Testers are encouraged to download Opera 11.51 RC Build 1084 and take the development snapshot out for a spin.

More at :-
http://news.softpedia.com/news/Download-Opera-11-5...

--
mogs CClip 61
Expert Contributor 23rd Aug, 2011 17:25
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Google patches critical bug in Windows Chrome
Pays out $1,337 in bounty to British researcher for bug in 3-D rendering code

By Gregg Keizer
August 23, 2011 06:43 AM ET
Computerworld - Google on Monday patched 11 vulnerabilities in Chrome, including one of the rare bugs the company has deemed critical in its browser.

It was the second time this month that Google updated Chrome to fix flaws.

One of the 11 bugs was rated "critical," Google's highest threat ranking, nine were tagged as "high" and another was labeled "medium." The critical vulnerability was the sixth with that ranking Google has patched so far this year.

Google identified that bug as one involving "memory corruption in vertex handing," referring to code that adds special effects such as textures to 3-D shapes. The company credited Michael Braithwaite, a senior software engineer with Turbulenz Limited, a U.K. online gaming platform developer, with reporting the vulnerability.
Braithwaite's bug affected only the Windows version of Chrome.

http://www.computerworld.com/s/article/9219402/Goo...

--
mogs CClip 62
Expert Contributor 23rd Aug, 2011 20:30
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Password Roulette: Betting on Password Storage Apps
August 22, 2011
By Robert McGarvey

Call Ondrej Krehel the poster boy for the password problem that is confronting all of us. Password protection on corporate servers is proving to be dangerously porous -- think Sony, Citigroup, even RSA Security -- and that ups the pressure on every user to use a unique password with each website and Web service.
That is why Krehel, chief security officer at Identity Theft 911, a cyber security outfit, said "Of course I use a password storage app. I have over 300 passwords, most randomly generated. There is no way I could remember them all."

One problem however: app solutions to password storage just may multiply our risks and our problems. Details shortly.

First, feast on the core issue: our memories cannot expand to accommodate the many dozens, if not hundreds, of passwords we now are required to have. Pity the poor user who invokes the same password over and over (sadly, it often is "password" or "123456") said the security wonks because just one breach just may undo his whole cyber existence.

That is why increasing numbers of organizations are requiring users to create strong and varied passwords. Enter the multiplying number of password storage apps for mobile deployment as the smartphone becomes a wallet.

Read more at :-
http://www.esecurityplanet.com/trends/article.php/...

--
mogs CClip 63
Expert Contributor 24th Aug, 2011 09:57
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Beta Channel Update
Tuesday, August 23, 2011 | 16:13
Labels: Beta updates
The Beta channel has been updated to 14.0.835.109 for Windows, Mac, Linux, and Chrome Frame. This release contains fixes for a number of stability issues along with other bugs. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome


--
mogs CClip 64
Expert Contributor 24th Aug, 2011 19:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
PHP fixes its encryption problem

Upgrade a-go-go
By Dave Neal
Wed Aug 24 2011, 15:45
USERS OF the web scripting language PHP that were warned yesterday not to update the software have now been given the go-ahead by the developers with a replacement upgrade.
Yesterday, thanks to a faulty encryption component that failed to encrypt data, the PHP Group advised, as did security organisation the Sans Institute, that users resist their immediate temptation to update to PHP version 5.3.7, which was released on 18 August, and wait instead for the PHP 5.3.8 update.
Today, and earlier than expected, the group alerted users that it was releasing the PHP 5.3.8 update and had fixed the critical encryption bug as well as one other that could have caused SSL connections to hang.


Read more: http://www.theinquirer.net/inquirer/news/2104271/p...
The Inquirer

--
mogs CClip 65
Expert Contributor 24th Aug, 2011 20:38
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
'Devastating' Apache bug leaves servers exposed

Devs race to fix weakness disclosed in 2007
By Dan Goodin in San Francisco
Posted in Security, 24th August 2011 18:05 GMT
Maintainers of the Apache webserver are racing to patch a severe weakness that allows an attacker to use a single PC to completely crash a system and was first diagnosed 54 months ago.

Attack code dubbed “Apache Killer” that exploits the vulnerability in the way Apache handles HTTP-based range requests was published Friday on the Full-disclosure mailing list. By sending servers running versions 1.3 and 2 of Apache multiple GET requests containing overlapping byte ranges, an attacker can consume all memory on a target system.

Read more at :-
http://www.theregister.co.uk/2011/08/24/devastatin...

--
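A Range-header check that a front-end filter or a log review could apply to the overlapping byte-range requests described above, as an added example that is not from the quoted article or the Apache project. The five-range limit, the function names, the client addresses and the sample requests are constructed assumptions.

```python
"""Flag HTTP Range headers that ask for many or overlapping byte ranges."""
import re

MAX_RANGES = 5  # assumed policy limit; tune to what real clients send
_SPEC = re.compile(r"(\d*)-(\d*)")


def resolve(spec, resource_len):
    """Turn one byte-range-spec into an inclusive (start, end) or None."""
    m = _SPEC.fullmatch(spec)
    if m is None:
        return None
    first, last = m.groups()
    if first == "" and last == "":
        return None
    if first == "":                      # suffix form: the last N bytes
        n = int(last)
        if n == 0:
            return None
        return (max(resource_len - n, 0), resource_len - 1)
    start = int(first)
    end = resource_len - 1 if last == "" else min(int(last), resource_len - 1)
    if start > end:                      # invalid or past the end of the file
        return None
    return (start, end)


def has_overlap(spans):
    """True if any two spans share at least one byte."""
    reach = -1
    for start, end in sorted(spans):
        if start <= reach:
            return True
        reach = max(reach, end)
    return False


def assess(header, resource_len, max_ranges=MAX_RANGES):
    """Summarise one Range header against a resource of resource_len bytes."""
    unit, sep, specs = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return {"ranges": 0, "requested_bytes": 0, "amplification": 0.0,
                "flags": ["not-a-bytes-range"]}
    # Count every spec, valid or not: the count alone is a signal.
    parts = [p.strip() for p in specs.split(",") if p.strip()]
    spans = [s for s in (resolve(p, resource_len) for p in parts) if s]
    requested = sum(end - start + 1 for start, end in spans)
    flags = []
    if len(parts) > max_ranges:
        flags.append("too-many-ranges")
    if has_overlap(spans):
        flags.append("overlapping-ranges")
    return {"ranges": len(parts), "requested_bytes": requested,
            "amplification": requested / resource_len, "flags": flags}


def scan(requests, resource_len):
    """Return (client, header summary) for every flagged request."""
    hits = []
    for client, _path, header in requests:
        result = assess(header, resource_len)
        if result["flags"]:
            hits.append((client, result))
    return hits


# Constructed sample: (client, path, Range header) for a 1000-byte resource.
SAMPLE_REQUESTS = [
    ("198.51.100.7", "/report.pdf", "bytes=0-499"),
    ("198.51.100.7", "/report.pdf", "bytes=-500"),
    ("203.0.113.9", "/report.pdf", "bytes=0-99,50-149"),
    ("203.0.113.9", "/report.pdf",
     "bytes=" + ",".join("%d-" % i for i in range(8))),
]

if __name__ == "__main__":
    for client, result in scan(SAMPLE_REQUESTS, 1000):
        print(client, result["ranges"], result["flags"],
              "x%.1f" % result["amplification"])
```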
mogs CClip 66
Expert Contributor 24th Aug, 2011 20:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New ZeuS Spin-Off Threatens Users
August 24th, 2011, 12:50 GMT| By Lucian Constantin

Security researchers from Kaspersky Lab warn about a new crimeware pack called Ice IX which was built using the ZeuS source code leaked earlier this year.

Just like its parent, Ice IX is sold on the underground market and can be used to generate custom trojans that join infected computers into botnets.

According to Kaspersky Lab expert Jorge Mieres, Ice IX has been in the wild for some time already and the builder is available for $1800, a relatively high price considering that the entire ZeuS source code was once advertised for $10,000.

ZeuS remains the most popular banking trojan among cyber fraudsters, its infection count currently exceeding that of its closest competitor, SpyEye, four to one.

More at :-
http://news.softpedia.com/news/ZeuS-Spin-Off-Threa...

--
mogs CClip 67
Expert Contributor 24th Aug, 2011 20:47
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows 8 to Change Everything 16 Years after Windows 95 Changed the PC

August 24th, 2011, 14:39 GMT| By Marius Oiaga

August 24 2011 is not only the 10th anniversary since Windows XP was released to manufacturing but also the day when Windows 95 turns 16.

Six years ahead of the release to manufacturing deadline of Windows XP, Microsoft launched Windows 95, an operating system which it had developed under the codename Chicago.

In addition to the Chicago codename, the Redmond company also referred to Windows 95 as Windows 4.0 internally.

August 24, 1995 was a crucial moment for the software giant’s platform, since Windows 95 started the dominance of Windows.

More at :-
http://news.softpedia.com/news/Windows-8-to-Change...

--
mogs CClip 68
Expert Contributor 24th Aug, 2011 21:21
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
A security company has demonstrated how Windows DNS Server is vulnerable to the reverse-engineered-patch attack
By Jon Brodkin | Network World

The security company Qualys this week demonstrated how to reverse-engineer a Microsoft patch in order to launch a denial-of-service attack on Windows DNS Server.

The proof-of-concept shows the steps hackers could take to attack Windows and highlights the importance of deploying Microsoft patches as soon as possible after their monthly Patch Tuesday release.

The patch that Qualys used closed two holes in Windows DNS Server and was rated critical, Microsoft's most severe security rating. Microsoft said it did not expect the vulnerability to be exploited by attackers this month, but the Qualys proof-of-concept shows such exploits would be possible.

More at :-
http://www.infoworld.com/d/security/hackers-could-...

--
mogs CClip 69
Expert Contributor 25th Aug, 2011 21:53
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
That UK.gov Firefox cookie leakage snafu explained

Cockup, not conspiracy
By Kevin Murphy
Posted in Hosting, 25th August 2011 14:34 GMT
If you've used the latest version of Firefox to visit a UK government website in the last few weeks, you may have noticed something unusual in the browser address bar.

Instead of highlighting, for example, direct.gov.uk, as you might expect from Firefox 6.0's new domain-conscious security behaviour, only the gov.uk portion is shown in bold type.

Read more at :-
http://www.theregister.co.uk/2011/08/25/cookie_lea...

--
mogs CClip 70
Expert Contributor 25th Aug, 2011 21:59
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Is Chrome More Secure Thanks to Adobe?
August 24, 2011
By Sean Michael Kerner

For as long as there have been Web browsers, there have been debates about which browser is the most secure. In the modern world of Web based attacks, security isn't just about the Web browser, but also about the applications and plugins that a browser uses. That's where Google's Chrome differs from every other major browser vendor.
Chrome includes an integrated Adobe Flash Player. While other vendors including Microsoft IE, Mozilla Firefox and Apple Safari support Flash, it is not directly integrated.

Going a step further, Google has a silent updating mechanism that updates Chrome users to the latest version of the browser as well as the latest version of Flash Player. In some cases, Chrome users may get the Flash update as many as 12 hours ahead of the general availability from Adobe for other browsers.

Read more at :-
http://www.esecurityplanet.com/trends/article.php/...

--
mogs CClip 71
Expert Contributor 25th Aug, 2011 22:06
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New Wave of Xerox WorkCentre Malicious Spam Hits Email Inboxes
August 25th, 2011, 14:52 GMT| By Lucian Constantin
Security researchers warn of a new wave of spam emails posing as automated messages from Xerox WorkCentre Pro multifunctional devices that carry malicious attachments.

The Xerox WorkCentre Pro devices are popular and likely to be found in many business offices. This suggests that the primary targets of this campaign are companies and not individuals.

The rogue emails bear subjects of the form "Scan from a Xerox WorkCentre Pro #[number]" and claim to contain scanned documents.

The emails spoof the automated messages sent by the devices when their real email function is used. They read:

"Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro. Sent by: Guest. Number of Images: 1. Attachment File Type: ZIP [DOC]."

The attachments have names like Xerox_Document_08.23_C11125.zip or Xerox_Scan_08.23_K1274.zip and instead of documents they actually contain trojan installers.

This method of passing infected files as scanned documents is not new, but its repeated reuse suggests that the technique is rather successful.

More at :-
http://news.softpedia.com/news/New-Wave-of-Xerox-W...

--
mogs CClip 72
Expert Contributor 25th Aug, 2011 22:09
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 25th Aug, 2011 22:09
Zero-Day Vulnerability Exploited in PrestaShop
August 25th, 2011, 12:58 GMT| By Lucian Constantin
The PrestaShop developers are warning users that hackers are exploiting a zero-day vulnerability in the e-commerce solution and are urging them to deploy a fix.

The vulnerability was identified when PrestaShop's own website was hacked on Tuesday, an event that put the development team in full alert.

"Last night, the PrestaShop’s official website, prestashop.com, was hacked, resulting in the misappropriation of a script intended for transcribing news information in the Back Office of PrestaShop stores," the developers announce.

"The entire PrestaShop team dedicated ourselves to identifying and fixing this issue as quickly as possible. That fix has been completed," they add.

Versions 1.4, 1.4.1, 1.4.2, 1.4.3 and 1.4.4 of the popular open source e-commerce solution are vulnerable, but not all installations are necessarily affected.

Read more at :-
http://news.softpedia.com/news/Zero-Day-Vulnerabil...

--
mogs CClip 73
Expert Contributor 25th Aug, 2011 22:13
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Download Google Chrome 15.0.861.0 Dev

August 25th, 2011, 10:37 GMT| By Marius Oiaga

After it released new Beta and Stable Builds of Chrome 14 and respectively Chrome 13 earlier this week, Google is providing early adopters testing the most advanced version of its open source browser new bits to play around with.

Google Chrome 15.0.861.0 is now available for download through the Dev Channel, an update which pushes version 15 of the browser a little bit farther along on the development process.

As it’s usually the case with Google, Chrome 15.0.861.0 Dev releases were synchronized for all supported platforms, namely Windows, Mac OS X and Linux.

Testers running Chromebooks are yet to get a new Dev Channel Build of Chrome 15 for Chrome OS, but undoubtedly, the Mountain View-based search company will produce fresh releases soon enough, most probably by the end of this week.

Early adopters that update to Chrome 15.0.861.0 Dev will be able to notice a boost in reliability compared to previous Dev Build of Chrome 15.

Google underlined that the latest Chrome 15 Dev release is designed to introduce fixes for a number of stability issues which resulted in crashes.

The company also focused on resolving additional bugs, such as one which caused popup windows launched by Chrome extensions to appear blank instead of displaying the normal content to users.

More at :-
http://news.softpedia.com/news/Download-Google-Chr...

--
mogs CClip 74
Expert Contributor 26th Aug, 2011 21:44
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows 7 Update Lets IE9 Install Without Restarting the PC
August 26th, 2011, 14:17 GMT| By Marius Oiaga

Internet Explorer 9 installations cannot complete unless the computer is restarted during the deployment process.

Microsoft indicates that this behavior is not generalized, but I had to restart all the machines I own and manage on which I installed IE9, and I highly doubt it that I was the only one.

On several occasions I asked myself how can the latest versions of Firefox, Chrome, and Opera install without requiring an update, while Internet Explorer needs to reboot the machine.

But according to the Redmond company this issue can be corrected with just a simple update. Well, as long as users are running Windows 7, at least.

Windows 7 customers can download KB 2467023, with the refresh also being offered to those with Windows Server 2008 R2.

“In some scenarios, after you install Internet Explorer 9, or a later version of Internet Explorer update from Windows Update or Microsoft Update, you may be prompted to restart your computer. This update reduces the number of scenarios in which a restart is required,” the software giant notes.

Microsoft reveals that this particular update: “addresses issues that occur when system binaries are unloaded and loaded in Windows 7 and in Windows Server 2008 R2.”

More at :-
http://news.softpedia.com/news/Windows-7-Update-Le...

--
mogs CClip 75
Expert Contributor 26th Aug, 2011 21:50
The first human-like astronaut robot - Robonaut 2 or R2 - has awakened at the International Space Station - and already started tweeting.

"Those electrons feel GOOD! One small step for man, one giant leap for tinman kind," said the robot's first tweet.

R2 was brought to the ISS in February 2011 on board of space shuttle Discovery.

It has been designed to work alongside humans, helping them both inside and outside the station.

Although there were tweets sent from R2's account (@astrorobonaut) before it "woke up", now its nearly 40,000 followers can rest assured the robot is indeed actively "tweeting" as its circuits are operational.

More at :-
http://www.bbc.co.uk/news/technology-14647644

--
mogs CClip 76
Expert Contributor 26th Aug, 2011 21:55
Computerworld - Mozilla will not scrub the version number from Firefox's "About" box after all, putting an end to an often-heated debate that first surfaced two weeks ago.

"There are no plans to adjust the version number. It will remain in its current place in the About window, and we are going to continue with the current numbering scheme," said Alex Faaborg, a principal designer at Mozilla, in a message on the "mozilla.dev.usability" discussion list Tuesday.

In another message on the same thread, Faaborg blamed "miscommunication inside of the [user experience] team" for the blow-up about the departing version number.

On Aug. 14, Asa Dotzler, a director of Firefox, announced that version numbers were irrelevant to Firefox users, and said that they would be stripped from the About box, which is used by most locally-installed software to identify the edition being run.
The reaction was almost unanimously negative, and as that original thread grew -- it eventually included about 440 messages, an amazing number for a Mozilla discussion -- many people complained as much about Dotzler's attitude as about the decision itself.

More at :-
http://www.computerworld.com/s/article/9219521/Moz...

--
mogs CClip 77
Expert Contributor 26th Aug, 2011 21:58
Was this the email that took down RSA?
A spear phishing email that has surfaced in a security database looks like it may have been the one to hit RSA

By Robert McMillan | IDG News Service


"I forward this file to you for review. Please open and view it."

As a ploy to get a hapless EMC recruiter to open up a booby-trapped Excel spreadsheet, it may not be the most sophisticated piece of work. But researchers at F-Secure believe that it was enough to break into one of the most respected computer security companies on the planet, and a first step in a complex attack that ultimately threatened the security of major U.S. defense contractors including Lockheed Martin, L-3, and Northrop Grumman.

Read more at :-
http://www.infoworld.com/d/security/was-the-email-...

--
mogs CClip 78
Expert Contributor 26th Aug, 2011 22:54
How To Protect Yourself From Supercookies
By Alex Wawro, PCWorld

Everybody loves cookies, those little packets of code that websites leave in your browser. We love them because they make Web browsing more convenient by saving our usernames, passwords and other unique data from one session to the next. Marketing companies love them because they uniquely identify visitors and can be combined with traffic logs to compile a profile of your interests and browsing habits.
As long as you are a willing participant, this sort of tracking can be a good thing; browser cookies allow online retailers to tailor their websites to your needs and ensures you are more likely to see advertisements for products and services relevant to your interests. The problem is that lots of unscrupulous companies are using underhanded techniques to sneak cookies into your browser even when you don’t want them. They’re called supercookies, and they can be stopped with a few free utilities and some simple precautions.

More at :-
http://www.pcworld.com/businesscenter/article/2388...

--
mogs CClip 79
Expert Contributor 27th Aug, 2011 11:52
Malvertizing Spotted on Google's DoubleClick

August 26th, 2011, 17:00 GMT| By Lucian Constantin
Security researchers from web security vendor Armorize have spotted malicious ads on Google's DoubleClick network that lead to drive-by download exploits.

"In the past few days, our scanners noticed malvertising on Google DoubleClick. The malvertisement is being provided to DoubleClick by Adify (Now a part of Cox Digital Solutions), and to Adify by Pulpo Media, and to Pulpo Media by the malicious attackers pretending to be advertisers: indistic.com," the Armorize experts warn.

"The malvertisement causes visitor browsers to load exploits from kokojamba.cz.cc (the exploit domain), which is running the BlackHole exploit pack. Currently, 7 out of 44 vendors on VirusTotal can detect this malware," they add.

Malvertizing has become a common infection vector in recent years. Malware pushers use social engineering and impersonation to trick advertising networks to accept their ads, after which they start serving malicious code through them.

More at :-
http://news.softpedia.com/news/Malvertizing-Spotte...

--
mogs CClip 80
Expert Contributor 27th Aug, 2011 11:56
File Infector Morphs into Financial Infostealer

August 26th, 2011, 16:54 GMT| By Lucian Constantin

Security vendor Trusteer warns about a file infector which in the past several weeks has begun to transition towards stealing financial information.

Dubbed Ramnit, the virus was first discovered in 2010 and infects executable and HTML files in order to spread. It also copies itself to removable drives and opens a backdoor on the infected computers.

"Although Ramnit employs old generation malicious techniques, we kept it on our malware radar, and a few weeks ago we started seeing something interesting.

"Apparently, Ramnit morphed into a financial malware, or at least was used as a platform to commit financial fraud," Trusteer security researchers warn.

The malware communicates with the command and control server at all times over HTTPS, downloading updated instructions.

As most banking trojans, it features a man-in-the-browser web injection component which allows it to alter the pages users see in real time.

More at :-
http://news.softpedia.com/news/File-Infector-Morph...

--
mogs CClip 81
Expert Contributor 28th Aug, 2011 11:52
Firefox 13 to Release in Mid-2012

August 27th, 2011, 15:01 GMT| By Marius Oiaga
Mozilla is on a mission. No less than three more Firefox releases will be launched by the end of 2011. Another four will follow in the first half of next year. By mid-2012 Mozilla users will be able to download and run Firefox 13 Final.

Earlier this month, Firefox 6 was made available for download, and early adopters got Firefox 7 Beta, Firefox 8 Aurora, and Firefox 9 Nightly for testing.

Mozilla overhauled its development process and the release cycle of the open source browser after Firefox 4.0 shipped, and the company intends to stick with it.

Users holding their breath, waiting for the good old days of one major Firefox version release per year, should exhale and get comfortable, because they’re in for quite a ride.

“Mission drives Mozilla. People sometimes forget that we’re a non-profit, that our only job is to make the Web a better place. Rapid release advances our mission in important ways. We get features and improvements to users faster. We get new APIs and standards out to web developers faster. We are delivering on the promise of the web at web speed,” explained Johnathan Nightingale, director of Firefox Engineering.

The plan is to ship Firefox 7 in September 2011, Firefox 8 in November and Firefox 9 in December, just ahead of Christmas.

Starting in January 2012, end users will get Firefox 10, then Firefox 11 in March, Firefox 12 in April and Firefox 13 in June.

This enumeration can obviously continue for the remainder of 2012 as well as 2013. By the looks of it, Firefox 20 will be released approximately two years from now.

More at :-
http://news.softpedia.com/news/Firefox-13-to-Relea...

--
mogs CClip 82
Expert Contributor 28th Aug, 2011 12:22
Defending Against The 'Apache Killer' Exploit

By Sean Michael Kerner

The Apache HTTP web server is the most widely deployed Web server on the Internet today and it's at risk from a serious denial of service (DoS) attack.
The 'Apache Killer' tool is now out in the wild enabling attackers to consume all of the memory on a Web server creating a DoS condition. Apache has issued multiple security advisories on the issue and are planning on releasing a patch this weekend.

"A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server," Apache warned in its latest advisory. "The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server."

Apache also warns that the default Apache HTTPD installation is vulnerable.

More at :-
http://www.esecurityplanet.com/news/article.php/39...

--
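A defender-side check for the "multiple overlapping ranges" condition quoted in CClip 82, added here as an illustration and not taken from the Apache advisory or from the original post. The function names, the `max_ranges=5` threshold and the sample header values are assumptions constructed for this example.

```python
import re

# One byte-range-spec: "first-last", "first-" or the suffix form "-n".
_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_byte_ranges(header, content_length):
    """Resolve a Range header value to inclusive (start, end) byte offsets.

    Returns None when the value is not a well-formed "bytes=" range set; a
    server then ignores the header and serves the whole entity. Specs that
    cannot be satisfied for this content_length are dropped.
    """
    unit, sep, specs = header.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    resolved = []
    for spec in specs.split(","):
        spec = spec.strip()
        if not spec:
            continue  # empty list elements are tolerated
        match = _SPEC.match(spec)
        if match is None:
            return None
        first, last = match.groups()
        if not first and not last:
            return None  # a bare "-" is not a valid spec
        if not first:
            # Suffix form: the last N bytes of the entity.
            length = int(last)
            if length == 0:
                continue
            start, end = max(content_length - length, 0), content_length - 1
        else:
            start = int(first)
            end = int(last) if last else content_length - 1
            if last and end < start:
                return None  # "last" before "first" invalidates the whole set
            end = min(end, content_length - 1)
        if start <= end:
            resolved.append((start, end))
    return resolved


def assess_range_header(header, content_length, max_ranges=5):
    """Summarise how expensive a Range header is for one entity.

    ignore_range is True when the header should be dropped (serve the full
    entity instead): malformed value, overlapping ranges, or more ranges
    than max_ranges. The threshold is an assumption for this example.
    """
    ranges = parse_byte_ranges(header, content_length)
    if ranges is None:
        return {"ranges": 0, "overlapping": False, "bytes_requested": 0,
                "amplification": 0.0, "ignore_range": True}
    overlapping = False
    furthest_end = -1
    for start, end in sorted(ranges):
        if start <= furthest_end:
            overlapping = True
        furthest_end = max(furthest_end, end)
    requested = sum(end - start + 1 for start, end in ranges)
    amplification = requested / content_length if content_length else 0.0
    return {
        "ranges": len(ranges),
        "overlapping": overlapping,
        "bytes_requested": requested,
        "amplification": amplification,
        "ignore_range": overlapping or len(ranges) > max_ranges,
    }


# Constructed header values, evaluated against a 1000-byte entity.
SAMPLE_HEADERS = [
    "bytes=0-499",
    "bytes=0-99,200-299",
    "bytes=0-,0-499,250-749,-100",
]

if __name__ == "__main__":
    for value in SAMPLE_HEADERS:
        print(value, assess_range_header(value, 1000))
```

The `amplification` figure is the ratio of bytes the response would have to assemble to the size of the entity itself; a value above 1.0 only occurs when ranges overlap.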
mogs CClip 83
Expert Contributor 28th Aug, 2011 22:53
Nations With Low Malware Rates Have Better ISPs
By John E Dunn, Techworld.com Aug 28, 2011 3:30 pm

Countries with good national security teams (CERTs) and diligent ISPs show consistently lower rates of malware infection than those states that adopt a less paternalistic approach to security, a new analysis by Microsoft researchers has suggested.

According to statistics drawn from the company's widely-used Malicious Software Removal Tool (MSRT), the countries which have shown notably lower infection rates of malware are Austria, Finland, Germany, and Japan.

Using the yardstick of computers cleaned per mille (CCM)*, Austria recorded a normalized rate of 3.3 CCM in Q4 2010, Finland 2.3, Germany 5.3, and Japan 2.3, all significantly below the global average taken from 116 countries of 8.3. These low rates have remained consistent since the first measurements taken in 2007.

Paradoxically, one possible explanation was not the number of malware download sites hosted in each country, which in several of them was somewhat higher for some classes of malware than the levels seen in the U.S., a country with raised levels of infection at PC level.

Having examined the special conditions and security culture of each country, Microsoft's conclusions are clear -- lower infection rates have a lot to do with the intervention by ISPs, security bodies, and admins at the earliest point problems are detected.

Read more at :-
http://www.pcworld.com/article/239010/nations_with...

--
mogs CClip 84
Expert Contributor 28th Aug, 2011 22:57
Scariest IPv6 Attack Scenarios
By Carolyn Duffy Marsan, NetworkWorld

Experts are reporting a rise in the number of attacks that take advantage of known vulnerabilities of IPv6, a next-generation addressing scheme that is being adopted across the Internet. IPv6 replaces the Internet's main communications protocol, which is known as IPv4.

Read more at :-
http://www.pcworld.com/businesscenter/article/2388...

--
mogs CClip 85
Expert Contributor 29th Aug, 2011 11:25
Worm spreading via RDP

‘Morto’ drives Port 3389 traffic spike
By Richard Chirgwin
Posted in Malware, 28th August 2011 22:55 GMT
It’s retro day in the world of Internet security, with an Internet worm dubbed “Morto” spreading via the Windows Remote Desktop Protocol (RDP).

F-Secure is reporting that the worm is behind a spike in traffic on Port 3389/TCP. Once it’s entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post.

SANS, which noticed heavy growth in RDP scan traffic over the weekend, says the spike in traffic is a “key indicator” of a growing number of infected hosts. Both Windows servers and workstations are vulnerable.

Read more at :-
http://www.theregister.co.uk/2011/08/28/morto_worm...

--
mogs CClip 86
Expert Contributor 29th Aug, 2011 19:38

Sophisticated File Infector Powers Click Fraud Scam

August 29th, 2011, 13:24 GMT| By Lucian Constantin

Security researchers from Symantec have uncovered a click fraud scam instrumented with the help of a sophisticated file infector.

It was actually the infector, called W32.Xpaj.B, that attracted the attention of malware analysts with its complex detection-evading techniques.

W32.Xpaj.B infects executable files on computers and network drives which then query the command and control servers every time they are run.

"W32.Xpaj.B is one of the most complex and sophisticated file infectors Symantec has encountered," the company's analysts say in their research paper. [pdf]

"The techniques W32.Xpaj.B uses to conceal itself within an executable are far beyond the norm," Symantec's Gavin O Gorman notes.

Despite resembling a general purpose downloader, W32.Xpaj.B has only been used as part of this click fraud scheme that hijacks legitimate search engine queries and returns ad-laden results.

More at :-
http://news.softpedia.com/news/Sophisticated-File-...

--
mogs CClip 87
Expert Contributor 29th Aug, 2011 19:44
Windows 7 Guided Help Articles from Microsoft Support

August 29th, 2011, 11:00 GMT| By Marius Oiaga

Microsoft is offering users a collection of “Guided Help” articles designed to simplify various tasks they need to perform in Windows 7.

All Guided Help resources are available free of charge on the Microsoft Help and Support website, just click this link in order to get to them.

I received a total of 16 results to a search for such content, and more than 10 of the articles highlighted contain guidance for end users to perform a variety of actions.

Customers can turn to the Microsoft Help and Support site in order to access information on how to produce a Power Efficiency Diagnostics Report for their Windows 7 machine, for example.

More at :-
http://news.softpedia.com/news/Windows-7-Guided-He...

--
mogs CClip 88
Expert Contributor 29th Aug, 2011 21:51
Belarc Advisor - Free Personal PC Audit (Version 8.2d)



The Belarc Advisor builds a detailed profile of your installed software and hardware, network inventory, missing Microsoft hotfixes, anti-virus status, security benchmarks, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server.
Operating Systems: Runs on Windows 7, 2008 R2, Vista, 2008, 2003, XP, 2000, NT 4, Me, 98, and 95. Both 32-bit and 64-bit Windows are supported.
Browsers: Runs on Internet Explorer, Firefox, Safari, Opera, and many others.
File size: 2812 KB.
License: The license associated with this product allows for free personal use only. Use on multiple PCs in a corporate, educational, military or government installation is prohibited. See the license agreement for details.
Wish to run the Belarc Advisor on your corporate network, see FAQs below.
Belarc's commercial products are used for software license management, hardware upgrade planning, cyber security status, information assurance audits, IT asset management, configuration management, and more.

DOWNLOAD TIPS:

Click on the Click Here to Download icon.
Click the Run button in Internet Explorer's File Download pop-up.
The Belarc Advisor will automatically install, build a profile of your hardware and software, and display this in your Web browser.

Read more at :-
http://www.belarc.com/free_download.html

--
mogs CClip 89
Expert Contributor 29th Aug, 2011 21:59
Last edited on 29th Aug, 2011 22:00
Chrome Release Channels
Chrome supports a number of different release channels. We use these channels to slowly roll out updates to users, starting with our close to daily Canary channel builds, all the way up to our Stable channel releases that happen every 6 weeks roughly.
Channels

Windows

Stable channel for Windows
Beta channel for Windows
Dev channel for Windows
Canary build for Windows (Note, this will run in parallel to any other Chrome channel you have installed, it will not use the same profile)

Read more at :-
http://www.chromium.org/getting-involved/dev-chann...

--
mogs CClip 90
Expert Contributor 30th Aug, 2011 09:31
Hackers acquire Google certificate, could hijack Gmail accounts
Repeat of Comodo affair last March; foreign government may be behind theft, says researcher

By Gregg Keizer
August 29, 2011 05:26 PM ET
Computerworld - Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider, a security researcher said today.

Criminals could use the certificate to conduct "man-in-the-middle" attacks targeting users of Gmail, Google's search engine or any other service operated by the Mountain View, Calif. company.

"This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.

"[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security.

More at :-
http://www.computerworld.com/s/article/9219569/Hac...

--
mogs CClip 91
Expert Contributor 30th Aug, 2011 09:38
Firefox's rapid release schedule harms bug-squashing efforts
A former Mozilla volunteer says the project, already squeezed for triage time, needs to handle bug reports more intelligently

By Ted Samson | InfoWorld


Mozilla has garnered unfriendly attention lately after a former volunteer criticized the group's slow responses to bug reports. The timing of the post and the resulting response from observers is notable: It all comes in the wake of Mozilla's "rapid release" initiative, through which the group has pledged to roll out an updated version of its Firefox browser every 16 weeks, possibly sans version number. Mozilla's decision to dramatically speed up its development cycle has met enough resistance to put the group's chair, Mitchell Baker, on the defensive.

More at :-
http://www.infoworld.com/t/web-browsers/firefoxs-r...

--
mogs CClip 92
Expert Contributor 30th Aug, 2011 09:43

Dev Channel Updates for Chromebooks
Monday, August 29, 2011 | 21:03
The Google Chrome team is happy to announce the release of Chrome 15.0.862.1 (Platform version: 950.0) on the Dev Channel for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).

Highlights:
Fix several stability issues along with other bugs.
Updated New Tab Page
Multimedia player fixes

If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon. Interested in switching to the Beta channel? Find out how.

Josafat Garcia
Google Chrome

Dev Channel Update
| 17:59
Labels: Dev updates

The Dev channel has been updated to 15.0.865.0 for Windows, Mac, Linux, and Chrome Frame.

Note: we are doing a performance experiment on Windows only. Some users will get 15.0.865.1000. This version is identical to 865.0 in features but has different optimizations.

All
Updated V8 3.5.8.0
r98474: Fixed some downloads crashers occurring due to over-aggressive consistency checks.
Print Preview is working once again.
Fixed issue where turning on sync encryption could remove bookmark titles.
Windows
r98148: When downloading a file with illegal trailing characters in the file name, they are replaced rather than truncated.
Known Issues
Angry birds doesn’t load when switching from SD to HD on Mac (Issue: 94629)
Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 93
Expert Contributor 30th Aug, 2011 15:58
Fake Facebook spam cannon fires double-shotted malware

Duff Flash on top of Blackhole, both packed with ZeuS
By John Leyden • 30th August 2011 10:51 GMT
Malicious spam messages generated by the infamous Cutwail botnet are targeting Facebook users as potential banking Trojan victims.

The messages arrive in the guise of a Facebook friend invite notification. The emails look genuine enough on casual inspection, thanks to the malware-spinners' apparent use of a genuine Facebook template. But where a genuine Facebook invite contains links to the real social networking site, the malicious emails feature custom links to malware sites. In addition, the emails differ from the genuine article because they do not feature Facebook profile photos. The recipient's email address is also absent from the fine print at the bottom of the bogus invites.

Users tricked into clicking on the malicious link are exposed to a double-barrelled malware based attack. Firstly they are offered a bogus Adobe Flash update. In addition, clicking on the link opens a hidden iFrame, which then loads data from a remote server hosting the Blackhole Exploit Kit. The exploit kit attempts to exploit browser security holes, most notably involving insecure Java installations.

More at :-
http://www.theregister.co.uk/2011/08/30/facebook_s...

--
mogs CClip 94
Expert Contributor 30th Aug, 2011 16:06
Google says Gmail attack focused on Iranian targets
Google, Microsoft and Mozilla are revoking a rogue SSL certificate that could be used to spy on e-mail accounts
IDG News Service - Google said late Sunday that an attack mounted against its Gmail service targeted users primarily located in Iran, although the company has taken steps to block further interception attempts.

Google discovered that attackers had acquired a Secure Sockets Layer (SSL) certificate valid for any website in the google.com domain. The SSL certificate is used to vouch for the authenticity of websites and protect against security threats such as "man-in-the-middle" attacks.

Private companies, known as certificate authorities (CAs), make money from issuing digital certificates, although experts have pointed out there are many weaknesses in how certificates are issued that could undermine security.

In this case a Dutch CA, DigiNotar, issued an SSL certificate for the google.com domain on July 10, without Google's knowledge. It has since revoked the certificate.

More at :-
http://www.computerworld.com/s/article/9219582/Goo...

--
mogs CClip 95
Expert Contributor 30th Aug, 2011 19:32
Fake FDIC Emails Spread Malware

August 30th, 2011, 13:53 GMT| By Lucian Constantin

Security researchers from Sophos warn about a wave of malicious emails posing as official notifications from the Federal Deposit Insurance Corporation (FDIC).

The rogue emails bear a subject of "FDIC notification" and have their headers spoofed to appear as originating from a no.reply@fdic.gov address.

As most spam emails, the body message is full of mistakes, which should serve as indication that it did not originate from a government agency. It reads:

"Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version.

"To download and install the newest installations read the document(pdf) attached below. As soon as it is setup, you transaction abilities will be fully restored."

The attachment is called FDIC_document.zip and contains an executable file of the same name. The file has a PDF icon and since Windows 7 does not display known file extensions, it might easily trick users.

Read more at :-
http://news.softpedia.com/news/Fake-FDIC-Emails-Sp...

--
mogs CClip 96
Expert Contributor 30th Aug, 2011 19:35
Hacked Dutch CA Misses Rogue Certificate Despite Audit

August 30th, 2011, 14:49 GMT| By Lucian Constantin

DigiNotar, the Dutch Certificate Authority that issued a rogue Google certificate, confirmed suffering a security breach back in July and performing a security audit as a result.

From a statement regarding the incident issued by DigiNotar's parent company, VASCO Data Security International, it seems the Dutch CA knew that hackers issued rogue certificates, but failed to revoke all of them.

"On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com.

"At that time, an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time," VASCO said.

Read more at :-
http://news.softpedia.com/news/Hacked-Dutch-CA-Mis...

--
mogs CClip 97
Expert Contributor 30th Aug, 2011 19:39
Last edited on 30th Aug, 2011 19:39
Microsoft Protects IE Users Against Google Spoofing Attacks Abusing Rogue DigiNotar Certificate
August 30th, 2011, 13:11 GMT| By Marius Oiaga

Microsoft has removed a rogue SSL root certificate issued by DigiNotar from the list of trusted Windows root certificates in an effort designed to protect users of Internet Explorer from attacks impersonating Google online properties, including Gmail.

More at :-
http://news.softpedia.com/news/Microsoft-Protects-...

--
mogs CClip 98
Expert Contributor 30th Aug, 2011 22:36
Chrome Stable Update
Tuesday, August 30, 2011 | 12:44
Labels: Stable updates
The Stable channel has also been updated to 13.0.782.218 for Windows, Mac, Linux, and Chrome Frame.

These releases contain an updated version of the Adobe Flash Player.

If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

http://googlechromereleases.blogspot.com/

--
mogs CClip 99
Expert Contributor 30th Aug, 2011 22:45
Google, OpenDNS flip switch to speed up the Internet
The Global Internet Speedup initiative challenges Akamai and Limelight while creating potential privacy issues

By Ted Samson | InfoWorld

Leave it to Google to give away for free what other companies charge for. The company has teamed up with OpenDNS to officially kick off the Global Internet Speedup initiative today, an effort to turbocharge delivery of Web content by making DNS requests smarter.

For users, the initiative means that they will enjoy a faster Web browsing experience when accessing content delivered via OpenDNS, Google Public DNS, and other participating CDNs (content delivery networks).

The underlying technology for the Global Internet Speedup initiative, a standard called edns-client-subnet, is pretty straightforward: When a user's machine sends a DNS request for Web content, it includes the first three numbers of the user's IP address. Based on those three digits -- which represent the user's geographic location at the country level, not city -- the request will be automatically sent to the closest, fastest, or least congested server (a local cache).

Read more at :-
http://www.infoworld.com/t/internet/google-opendns...

--
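What the edns-client-subnet option described in CClip 99 actually puts on the wire, as an added example that is not part of the original post or the quoted article. It assumes the option layout and option code of RFC 7871, the later standardized form of edns-client-subnet; the function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8                 # EDNS0 option code for Client Subnet (RFC 7871)
FAMILY_BY_VERSION = {4: 1, 6: 2}    # address family numbers: 1 = IPv4, 2 = IPv6
ADDRESS_BYTES = {1: 4, 2: 16}       # full address length per family


def encode_ecs(client_ip, source_prefix):
    """Build the Client Subnet option a resolver would attach to a query.

    Only the leading source_prefix bits of the client address are kept; the
    remaining bits are zeroed and whole trailing octets are not sent at all.
    """
    ip = ipaddress.ip_address(client_ip)
    if not 0 <= source_prefix <= ip.max_prefixlen:
        raise ValueError("prefix length out of range for this address family")
    network = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    kept = network.network_address.packed[: (source_prefix + 7) // 8]
    # FAMILY (2 bytes), SOURCE PREFIX-LENGTH (1), SCOPE PREFIX-LENGTH (1, zero
    # in queries), then the truncated address.
    body = struct.pack("!HBB", FAMILY_BY_VERSION[ip.version], source_prefix, 0) + kept
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_ecs(option):
    """Parse a Client Subnet option and report what it discloses.

    Raises ValueError for a wrong option code, inconsistent lengths, an
    unknown family, or an address with bits set beyond the stated prefix.
    """
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    body = option[4:]
    if code != ECS_OPTION_CODE or length != len(body):
        raise ValueError("not a well-formed client-subnet option")
    family, source_prefix, scope_prefix = struct.unpack("!HBB", body[:4])
    total = ADDRESS_BYTES.get(family)
    if total is None:
        raise ValueError("unknown address family")
    address = body[4:]
    if source_prefix > total * 8 or len(address) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match prefix length")
    full = ipaddress.ip_address(address + bytes(total - len(address)))
    # strict=True rejects an address that leaks bits past the prefix.
    network = ipaddress.ip_network(f"{full}/{source_prefix}", strict=True)
    return {
        "subnet": str(network),
        "scope_prefix": scope_prefix,
        "hidden_bits": total * 8 - source_prefix,
    }


if __name__ == "__main__":
    # Constructed client addresses (documentation ranges).
    for ip, prefix in [("203.0.113.77", 24), ("203.0.113.77", 32),
                       ("2001:db8::1234", 56)]:
        wire = encode_ecs(ip, prefix)
        print(ip, prefix, wire.hex(), decode_ecs(wire))
```

Running `decode_ecs` over captured queries shows which prefix length a resolver is configured to disclose; a /32 for IPv4 means the full client address leaves the resolver.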
mogs CClip 100
Expert Contributor 30th Aug, 2011 23:07
Google one of many victims in SSL certificate hack
Fraudulent SSL and EVSSL certificates were issued for several dozen other websites

By Jeremy Kirk | IDG News Service


A Dutch company that issues digital certificates used to authenticate websites said late Tuesday that several dozen other websites in addition to Google have been affected by a security breach.

The company, DigiNotar, issues SSL (Secure Sockets Layer) and EVSSL (Extended Validation) certificates, which are validated by Web browsers to ensure people are not visiting a fake website that is trying to appear legitimate.

DigiNotar is what's called a CA (Certificate Authority), an entity that sells digital certificates to legitimate website owners. But DigiNotar issued a digital certificate for the google.com domain, a mistake that could allow a skilled attacker to intercept someone's email.

Google said Monday the fraudulent certificate was used and targeted users in Iran, although a security feature in its Chrome browser detected the certificate, tipping off users with a warning.

More at :-
http://www.infoworld.com/d/security/google-one-man...

--
mogs CClip 101
Expert Contributor 30th Aug, 2011 23:27
Apache squashes 'devastating' bug under attack

Byte range vuln exposed servers to crippling DoS exploit
By Dan Goodin in San Francisco
Posted in Enterprise Security, 30th August 2011 20:57 GMT
Maintainers of the open-source Apache webserver have fixed a severe weakness that attackers are exploiting to crash websites.

Flaws in Apache's HTTP daemon made it easy to crash servers using publicly available software released last week. The bugs in the way the HTTPD processed multiple web requests that involved overlapping byte ranges allowed attackers to overwhelm servers by sending them a modest amount of traffic.

An advisory on Apache's website said the bug, formally known as CVE-2011-3192, has been fixed in version 2.2.20.

More at :-
http://www.theregister.co.uk/2011/08/30/apache_dos...

--
mogs CClip 102
Expert Contributor 31st Aug, 2011 04:38
Beta Channel Update
Tuesday, August 30, 2011 | 16:51
Labels: Beta updates
The Beta channel has been updated to 14.0.835.122 for Windows, Mac, Linux, and Chrome Frame. This release contains fixes for a number of stability issues along with other bugs, and an updated version of Adobe Flash Player. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 103
Expert Contributor 31st Aug, 2011 04:46
Chrome Stable Update
Tuesday, August 30, 2011 | 12:44
Labels: Stable updates
The Stable channel has also been updated to 13.0.782.218 for Windows, Mac, Linux, and Chrome Frame.

These releases contain an updated version of the Adobe Flash Player. We also disabled a certificate authority (CA).

If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

http://googlechromereleases.blogspot.com/2011/08/s...

--
mogs CClip 104
Expert Contributor 31st Aug, 2011 05:54
Did Google certificate forgers hit hundreds more sites?

Google Chrome blacklists 247 credentials
By Dan Goodin in San Francisco
Posted in Enterprise Security, 30th August 2011 22:51 GMT
The hack attack that minted a fraudulent authentication credential for Google.com may have affected hundreds of other websites, a review of source code for Google's Chromium browser suggests.

A side-by-side review comparing code contained in an upcoming version of Chrome increased the number of secure sockets layer certificates hardcoded in the browser's blacklist by 247. A comment accompanying the additions said: “Bad DigiNotar leaf certificates for non-Google sites.”

As previously reported, Microsoft, Google, Firefox, and other software makers announced updates on Monday to prevent their products from trusting SSL certificates issued by DigiNotar. They took the unprecedented move following Monday's discovery that the Netherlands-based certificate authority had issued a bogus certificate for Gmail, Google Docs, and other Google services that was being used to target people in Iran.

Read more at :-
http://www.theregister.co.uk/2011/08/30/google_chr...

--
mogs CClip 105
Expert Contributor 31st Aug, 2011 09:09
Kaspersky: Majority of Hackers Aren't Activists

The majority of DDoS attacks in the second quarter were carried out for financial gain.

By eSecurityPlanet Staff | August 30, 2011
According to a new Kaspersky Lab report, the majority of DDoS attacks in the second quarter of 2011 were carried out for financial gain, not for Anonymous-style activism.

"The top four targets of DDoS attacks in the second quarter were online shopping, gaming, stock exchange and banking sites, in that order, accounting for 69 percent of all DDoS attacks, according to the report on botnet activity from Kaspersky Lab," writes Threatpost's Brian Donohue.

"As for the 'hacktivism' that’s gotten a lot of coverage lately, the bottom four spots on the list (excluding the one percent designated 'other') are transport, other business related and government sites respectively, accounting for a mere seven percent of attacks," Donohue writes.


http://www.esecurityplanet.com/malware/kaspersky-m...

--
mogs CClip 106
Expert Contributor 31st Aug, 2011 10:55
Download Opera 11.51 Final
August 31st, 2011, 08:23 GMT| By Marius Oiaga

The first update for Opera 11.50 is now available for download from Opera Software, and the company just announced the release of Opera 11.51 officially.

Opera 11.51 is not a new iteration of the browser, but rather a refresh designed to resolve some issues which survived past 11.50.

The Norway-based browser vendor made available two Release Candidate (RC) Builds of Opera 11.51 last week, and apparently the two snapshots were all it took to wrap up the update.

Undoubtedly, Opera 11.51 will make its way to users automatically soon enough, most likely by the end of today, although probably starting in the next few hours.

More info/to read at :-
http://news.softpedia.com/news/Download-Opera-11-5...

--
mogs CClip 107
Expert Contributor 31st Aug, 2011 18:26

Google and Mozilla Release Updates to Kill Hacked CA
August 31st, 2011, 10:56 GMT| By Lucian Constantin

Google and Mozilla have released updates to Chrome and Firefox in order to remove the root certificate of DigiNotar, the hacked Dutch Certificate Authority (CA) that failed to revoke a rogue google.com cert.

The security industry is in uproar over a rogue *.google.com SSL certificate being found in the wild and having possibly been used by the Iranian government in country-wide man-in-the-middle attacks against Gmail users.

The certificate issuer, VASCO-owned DigiNotar admitted suffering a security breach back in July which resulted in hackers issuing rogue certs for several high-profile domains.

Despite undergoing an internal investigation and an audit performed by an external party, the company failed to revoke the rogue Google certificate that was used in the wild for weeks.

The incident comes after an Iranian hacker broke into the network of a Comodo reseller in March and issued several rogue certs. These two events have seriously shaken people's confidence in the CA-based PKI model.

The vendors were not going to let this one slip unpunished like they did in Comodo's case. Mozilla, Google and Microsoft quickly announced their plans to remove the DigiNotar root certificate from their products.

Mozilla and Google made good on those promises today with the release of Firefox 6.0.1, Firefox 3.6.21, and Chrome 13.0.782.218 respectively. In addition to removing the DigiNotar CA cert, the new Chrome version also updates the bundled Flash Player plug-in.

The Flash Player update in Chrome is usually an indication that a Flash security advisory is coming soon. Google has access to early Flash builds and usually updates the plug-in for security reasons.

While the vast majority of people hailed the decision to kill DigiNotar as a trusted CA, some people are not happy with the action because it will negatively impact many Dutch companies and government institutions that have DigiNotar-issued certs.
http://news.softpedia.com/news/Google-and-Mozilla-...

--
mogs CClip 108
Expert Contributor 31st Aug, 2011 18:36
It’s Right About Time for a New IE10 Preview
August 31st, 2011, 14:40 GMT| By Marius Oiaga

It’s right about time for the release of a new preview of Internet Explorer 10 if you ask me, although Microsoft is keeping mum on the evolution of the next major iteration of IE.

The first Platform Preview of IE10 was released in mid-April 2011, almost immediately after the general availability deadline of Internet Explorer 9.

With IE10 PP1 Microsoft confirmed that the IE9 development strategy had become an established model, especially around early development releases designed to share the evolution of the browser’s core with the world.

IE10 Platform Preview 2 launched in June introducing a variety of enhancements, including such features as HTML5 Parser, HTML5 Sandbox, Web Workers, HTML5 Forms, Media Query Listeners, etc.

There has been nothing but silence on the IE10 front for the last couple of months, and per the PP release pace that the software giant established, a new preview should be offered to early adopters soon.

It’s, of course, almost impossible to say exactly when this happens, and asking Microsoft won’t do much good either.

But as far as I’m concerned, while BUILD is essentially a Windows 8-centric event, Internet Explorer 10 is bound to also have a role to play.

After all, IE10 will be the default browser in Windows 8, as the Redmond company has already confirmed.

More at :-
http://news.softpedia.com/news/It-s-Right-about-Ti...

--
mogs CClip 109
Expert Contributor 31st Aug, 2011 19:15
Google Chrome's Ben Goodger Defends Mozilla's Rapid Release Cycle for Firefox
August 31st, 2011, 15:41 GMT| By Lucian Parfeni

There's been a lot of discussion over the rapid release cycle Mozilla has adopted for Firefox and all of its other projects. So much so that plenty of top Mozilla people have had to step in to defend and explain the decision.

In fact, it's not only Mozilla that is defending the move, Google's Ben Goodger came to the rescue as well and has said that the automatic update system in Google Chrome, which he helped build, is the browser's best feature to date.

It's automatic updates that have been irking some of the rapid release cycle's most ardent critics, but the feature was a necessity if Firefox was to get a new version every six weeks.

Read more at :-
http://news.softpedia.com/news/Google-Chrome-s-Ben...

--
mogs CClip 110
Expert Contributor 31st Aug, 2011 20:48
Mozilla addons site targeted in same attack that hit Google

Counterfeiters mint SSL cert for addons.mozilla.org
By Dan Goodin in San Francisco
Posted in Enterprise Security, 31st August 2011 18:34 GMT
The secure webpage hosting addons for Mozilla Firefox was targeted in the same attack that minted a fraudulent authentication credential for Google websites, the maker of the open-source browser said.

“We have received reports that a fraudulent certificate was added for addons.mozilla.org as well,” a Mozilla spokeswoman wrote in an email Wednesday. She didn't say whether it was actively used to attack people accessing the site, when it was issued and how long it survived before being revoked. The site hosts hundreds of thousands of addons that give the Thunderbird and Firefox programs powerful additional functions.

Read more at :-
http://www.theregister.co.uk/2011/08/31/more_site_...

--
mogs RE: Daily CYBERCLIPS August
Expert Contributor 1st Sep, 2011 13:16
As I'm unable yet to create a new CYBERCLIPS thread for September.....please continue to keep an eye out for August's rendition and INDEX.......Thank you

--
mogs CClip 111
Expert Contributor 1st Sep, 2011 13:48
1 in 5 Windows 7 Users Worldwide Are Running IE9
September 1st, 2011, 07:23 GMT| By Marius Oiaga

At least one in five Windows 7 customers worldwide have already upgraded to and are using Internet Explorer 9.

As of August 31st, 2011, no less than 20.4% of Windows 7 users had embraced IE9, according to Roger Capriotti, director, Internet Explorer Marketing, who shared usage statistics from Net Applications.

Worldwide, there are more people leveraging IE9 for their daily browsing needs than any other browser, including the most recent releases of rivals such as Chrome and Firefox.

Chrome 13 is runner-up in terms of browser usage share on Windows 7 with 18.3%, while Firefox 6 takes home the bronze with 13.2%.

More at :-
http://news.softpedia.com/news/1-in-5-Windows-7-Us...

--
mogs CClip 112
Expert Contributor 1st Sep, 2011 13:53

Just Ahead of First Windows 8 Event, Windows 7 Breaks the 30% Worldwide Usage Share Mark
September 1st, 2011, 10:37 GMT| By Marius Oiaga

Windows 7 is right on track to becoming the no. 1 operating system worldwide by the end of 2011, and the platform just reached a new milestone on its way there.

At the end of August 2011, Windows 7’s usage share exploded to 30.60%, up from 29.66% the previous month, according to statistics shared by Net Applications.

Microsoft revealed earlier this summer that it had sold in excess of 400 million licenses of Windows Vista’s successor since the OS launched in late 2009.

Windows 7 is forecasted to sell another 200 million copies by the end of this year alone. With the number of sold licenses larger than 600 million, Windows 7 will dethrone Windows XP and become the new top dog on the OS market.

Speaking of XP, the decade-old operating system from the Redmond company is dangerously close to dipping under the 50% usage share mark.

XP continues to lose usage share, and is down to just 52.46% at the end of the past month from 52.80% in July 2011.

Windows Vista usage also continues to drop, decreasing to as little as 9.40% from 9.84% in the past couple of months.

In just two weeks Microsoft will kick start the first Windows 8-centric event. Dubbed BUILD, the conference will focus on the next generation of the Windows client, and the platform’s future impact on emerging form factors beyond the PC.

It appears that it matters little to customers buying PCs today that Microsoft is gearing up to deliver the first deep insight into Windows 8, judging by the strong growth momentum of Windows 7, a trend which is bound to continue even in 2012, when the software giant will get closer and closer to finalizing the next version of Windows.

http://news.softpedia.com/news/Just-Ahead-of-First...


--
mogs CClip 113
Expert Contributor 1st Sep, 2011 17:13
Last edited on 1st Sep, 2011 17:13
Thunderbird 6.0.1. and Thunderbird 3.1.13 Fix Compromised Root CA Issue
September 1st, 2011, 11:50 GMT| By Lucian Parfeni

Mozilla has updated its two supported Thunderbird versions to remove the root certificate of DigiNotar from the list of authorized Certificate Authorities (CA). The CA had been the victim of a successful attack and several rogue certificates had been issued, signed by it.

Both Mozilla and Google issued updates for their browsers, removing the root certificate for the vendor.

Now, Mozilla has also provided updates for Thunderbird 6, the latest stable version of the popular email suite, but also for the older Thunderbird 3.1, which is still being supported with security patches.

"Thunderbird 6.0.1 and Thunderbird 3.1.13 are now available as free downloads for Windows, Mac, and Linux," Mozilla announced.

"As always, we recommend that users keep up to date with the latest stability and support versions of Thunderbird, and encourage all our users to upgrade to the very latest version," the group advised.

"Thunderbird 6.0.1 and Thunderbird 3.1.13 revoke the root certificate for DigiNotar due to fraudulent SSL certificate issuance," Mozilla explained.

More at :-
http://news.softpedia.com/news/Thunderbird-6-0-1-a...

--
mogs CClip 114
Expert Contributor 1st Sep, 2011 17:36

For all its success as the world's biggest maker of PC operating systems and office programs, Microsoft's position as the dominant provider of software to consumers is at risk.

While Windows still powers the vast majority of desktops and laptops, the emergence of mobile devices and increasing reliance on the Internet have shown consumers and businesses alike that much of what we call personal computing can be done without touching a single Microsoft product.

Microsoft is still a giant, with $70 billion in annual revenue and an amazing 11 products that earn at least $1 billion a year. But it faces challenges in search, Web browsing, mobile devices, Web server software, and even the desktop operating system market.

In this article, we will examine what we think are Microsoft's five biggest weaknesses, a list we came up with in conjunction with the analyst firm Directions on Microsoft. We provided the list and supporting facts to Microsoft's public relations firm on Aug. 15. Microsoft declined to make executives available for interviews, but provided responses to some of our questions via email. We'll include Microsoft responses at the end of each section.

Read more at :-
http://www.infoworld.com/d/microsoft-windows/micro...

--
mogs CClip 115
Expert Contributor 1st Sep, 2011 21:40
Beta Channel Update
Thursday, September 1, 2011 | 12:20
Labels: Beta updates
As part of Chrome's 3rd birthday celebration, we're happy to announce what you've all been waiting for: a third Beta channel release for this week! The Chrome Beta channel has been updated to 14.0.835.126 for Windows, Mac, Linux, and Chrome Frame. This release has disabled accelerated 2D canvas for Windows, along with other stability fixes. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 116
Expert Contributor 2nd Sep, 2011 08:09
Last edited on 2nd Sep, 2011 08:11
Dev Channel Updates for Chromebooks
Thursday, September 1, 2011 | 15:26
Labels: Chrome OS, Dev updates
The Dev channel has been updated to 15.0.867.0 (Platform version: 972.0) for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).

Highlights:
Fix several functionality and stability issues.
Updated New Tab Page
File Manager fixes
Known issues:
gmail : rendering issue seen on scrolling down long email thread (19931).
If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon. Interested in switching to the Beta channel? Find out how.

Josafat Garcia
Google Chrome

Beta Channel Update for Chromebooks
| 14:04
Labels: Beta updates, Chrome OS
The Google Chrome team is happy to announce the release of Chrome 14 on the Beta Channel for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).

Chrome version 14.0.835.125 (Platform version: 811.77)

Release highlights:
A number of security and stability fixes
Update the Netflix plugin to 1.1.5
Update Pepper Flash to version 10.3.200.106
Turned accelerated compositing, smooth scrolling on
Known issues:
Issue 19726: 3G not activating for first time
Issue 19888: Video forward/backward doesn't work using a progress bar
If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Orit Mazor
Google Chrome

--
mogs CClip 117
Expert Contributor 2nd Sep, 2011 08:17

RankMyHack Adds Leaderboards and Achievement Points to Hacking
By Kevin Lee, PCWorld Sep 1, 2011 1:15 PM

Hacking has gone the way of FourSquare and gaming in general by adding scores and leaderboards for who can make the most daring hacks. We're not making this up.

RankMyHack is a community site with rankings for the top hackers who have scored the most points. Users earn points by taking down the online defenses of companies and corporations--the more popular or bigger it is, the more points they earn.

More at :-
http://www.pcworld.com/article/239368/rankmyhack_a...

--
mogs CClip 118
Expert Contributor 2nd Sep, 2011 12:42
AVG Intros Internet Security 2012

New features include AVG Accelerator and AVG Advisor.

By eSecurityPlanet Staff | September 01, 2011
AVG recently launched the newest version of its Internet Security product.

"New features include the AVG Accelerator that maximises computer connectivity to deliver online content so that less time is spent waiting for videos and other content-rich files to download," writes SC Magazine's Dan Raywood.

"Also launched is AVG Advisor, which provides assistance and recommendations in case of detected memory problems caused by browser sessions where tabs have been open for a long time," Raywood writes.

Go to "AVG address the 'need for speed' with Internet Security 2012" to read the details.


http://www.esecurityplanet.com/malware/avg-intros-...

--
mogs CClip 119
Expert Contributor 2nd Sep, 2011 16:36
Incompatible Firefox Add-ons Are Easier to Install, as AMO Further Rolls Out Redesign
September 2nd, 2011, 14:17 GMT| By Lucian Parfeni

The Mozilla Add-ons (AMO) website is undergoing a major revamp. A new design is being deployed to various parts of the site and now pretty much the entire site has been converted. There are also some changes for Aurora and Beta users, who will now be able to install add-ons that may be incompatible more easily.

The update as well as the improvements aim to make the site easier to use, for both regular users and the more advanced ones running the beta or Aurora versions of Firefox.

"Earlier today, AMO’s new extension category landing and browse pages were pushed live, bringing more of the site into our new style. As with our other new pages, we aimed for a clean, simple design without extra clutter," Mozilla wrote.

The Mozilla Add-ons homepage had already been updated to the new design as well as the details pages for each add-on. With the latest updates, the entire site sports the new look.

Read more at :-
http://news.softpedia.com/news/Incompatible-Firefo...

--
mogs CClip 120
Expert Contributor 2nd Sep, 2011 16:43
Last edited on 2nd Sep, 2011 16:44
Phishers target UK students with scam student loans emails
UK students are being targeted by phishing scammers with specially crafted emails designed to trick them into giving away personal details, according to security vendor Sophos.
The firm's senior technology consultant, Graham Cluley, explained in a blog post that the emails in question are being sent out to coincide with the beginning of the new academic year.

"An email, claiming to come from Directgov UK, tells students that there is a problem with the online account for their student loan, and they need to update their account urgently," he said.
"Clicking on the HTML attachment is not a good idea, however, as it will urge you to enter your details which are then sent via a web site to the phishers."

Read more at :-
http://www.v3.co.uk/v3-uk/news/2106293/phishers-ta...

--
mogs CClip 121
Expert Contributor 2nd Sep, 2011 17:33
Opera 12.00 Codenamed Wahoo Build 1054 Available for Download
September 2nd, 2011, 14:47 GMT| By Marius Oiaga

A new development snapshot of the next version of Opera has been released for testing. Opera 12.00 codenamed Wahoo Build 1054 is now available for download to early adopters looking to get an early taste of what the successor of Opera 11.50 brings to the table.

Since Opera 12.0 is still in the early stages of development, end users are advised not to put any codenamed Wahoo releases into production, at least for the time being.

Previous Opera 12.00 Builds were considered pre-Alpha and there’s no indication that there’s any change in this regard.

According to Ruarí Ødegaard, a member of the Opera Desktop team, Build 1054 introduces enhancements related to rendering and to the Speed Dial.

“Some core highlights include implementation of fully CSS 2.1 compliant display:list-item and a fix to prevent the cache from growing past its allowed limit. Regarding that last point, if the fix works as expected, Opera should not go past the cache size,” he stated.

“And, after a crash, it should restore to the correct size. If you can check the cache size after a crash, and also after correctly closing Opera following a crash, that would be much appreciated. On the Desktop side we have made the animations much nicer when you move Speed Dials around. Of course there are plenty of other great fixes.”

Opera Software made available a changelog with an impressive list of features, and those testers that provided feedback to the Norway-based browser vendor can check out the bug fixes to see whether their input was taken into consideration.

As I have already said, Opera 12.00 should only be deployed in testing environments. Opera 11.51 is the best version of this browser for end users, especially since it's considerably more stable compared to codename Wahoo.

http://news.softpedia.com/news/Opera-12-00-Codenam...


--
mogs CClip 122
Expert Contributor 2nd Sep, 2011 21:02
Last edited on 2nd Sep, 2011 21:03
Google might shun Dutch gov certificates from DigiNotar

Chrome update prepared to kill 2 certs
By Dan Goodin in San Francisco
Posted in Enterprise Security, 2nd September 2011 16:57 GMT
Updated In the wake of hundreds of fraudulent secure sockets layer certificates issued by DigiNotar, Google developers are preparing a version of the Chrome browser that rejects some web credentials sanctioned by the Dutch government's official certificate authority.

Source code posted Thursday afternoon California time on Google's own website would prevent Chrome from trusting any secure website signed by DigiNotar under an official program set up by the Dutch government. It was set up under the auspices of PKIoverheid, the official certificate authority of the Netherlands.

More at :-
http://www.theregister.co.uk/2011/09/02/google_chr...

--
mogs CClip 123
Expert Contributor 2nd Sep, 2011 21:08
Download Free AVG 2012 for Windows 7
September 2nd, 2011, 18:15 GMT| By Marius Oiaga

The newly launched AVG 2012 suite of security solutions might be the one to take the user base over the 100 million mark.

According to JR Smith, CEO of AVG Technologies, AVG is already being leveraged by in excess of 98 million people, with the 2012 line of products taking advantage of the power offered by the community in order to protect computers.

Available to customers in 170 countries worldwide and in no less than 24 languages, AVG 2012 comes in a number of flavors, including the traditional free edition designed to offer a basic level of protection to users.

Customers can also opt to pay a subscription of $54.99 for AVG Internet Security 2012, $39.99 for AVG Anti-Virus 2012 or $69.99 for AVG Premium Security 2012.

AVG 2012 is advertised as offering users a 50% smaller download size and better installation performance. The solution’s increase in speed is however not limited to the deployment process.

“At a lean 65 MB, the file size of AVG Internet Security 2012 comes in well below that of our three closest competitors despite adding 127 new features. AVG 2012 also improves upon our last edition by speeding up full disk scans by up to 50 percent and browser launches by up to 10 percent. AVG 2012 is lighter, faster and smaller than any previous AVG product,” Smith stated.

Read more at :-
http://news.softpedia.com/news/Download-Free-AVG-2...

--
mogs RE: Daily CYBERCLIPS August
Expert Contributor 2nd Sep, 2011 22:29
This thread is now closed...........
Please see continuation at :-
http://secunia.com/community/forum/thread/show/114...

Thank you for your support..........mogs.

--