Forum Thread: Daily CYBERCLIPS October

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS October
Member 3rd Oct, 2011 19:17
Ranking:
Posts: 6,279
User Since: 22nd Apr, 2009
System Score: N/A
Location: UK

Thirteenth Edition.
Thank you for the support thro' the last month. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security remains the main theme of the thread with some related and varied topics.
Scroll down for the latest posts !!
Please note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals.
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Member 3rd Oct, 2011 19:33
MSE false positive detection forces Google to update Chrome

Faulty antivirus blocks web browser
By Lucian Constantin
Mon Oct 03 2011, 12:13
INTERNET GIANT Google has been forced to update its Chrome web browser after Microsoft Security Essentials (MSE) started wrongfully detecting it as malware.
The false positive incident happened on Friday and involved Microsoft's security product alerting users that chrome.exe is a banking trojan from the Zeus family of malware and recommending its removal.
Users who acted on the program's recommendation and removed the threat found themselves no longer able to use the web browser. Many of them flocked to Google's Chrome support forum to report the problem.
According to a statement from Microsoft's Malware Protection Center, around 3,000 users were impacted by the faulty definition and ended up with the Chrome browser blocked or removed.
Microsoft released a signature update to address the error in a matter of hours, but Google decided that it couldn't rely on MSE users to deploy it and pushed out its own fix.
It's worth pointing out that unlike other web browsers, Google's Chrome is updated by an independent service that keeps on running even when the main browser process is closed.
"The Chrome Stable channel has been updated to 14.0.835.187, and the Beta channel has been updated to 15.0.874.58. These updates should help repair Chrome installs that were broken due to the issue with Microsoft Security Essentials," Google Chrome engineer Jason Kersey announced on the company's blog.

More at :-
http://www.theinquirer.net/inquirer/news/2113892/m...

--
mogs CClip 2
Member 3rd Oct, 2011 19:39


--
mogs CClip 3
Member 3rd Oct, 2011 19:47
BT suffers huge broadband failure across much of UK

A "power failure" at a major exchange in Birmingham has seen huge numbers of BT Broadband customers across the UK cut off.

The company said those affected numbered into the hundreds of thousands - about 5% of its total customers.

Business users were particularly badly affected, with many reporting considerable lost revenue as a result.

BT said the service has now been fully restored, advising customers to "turn their hub or modem off and on again".

http://www.bbc.co.uk/news/technology-15154020

--
mogs CClip 4
Member 3rd Oct, 2011 21:15


--
mogs CClip 5
Member 3rd Oct, 2011 21:48
Windows XP usage share falls by record amount
Projections put Windows 7 as the most-used edition by May 2012

By Gregg Keizer | Computerworld


Microsoft's Windows XP lost an unprecedented amount of online usage share last month, a Web metrics company said Saturday.

The aging operating system -- it turned 10 several weeks ago -- lost almost 2 percentage points during September to end the month with a 50.5 percent share of all desktop operating systems, according to analytics firm Net Applications. The drop was the largest one-month decline in the company's tracking of Windows XP.

Read more at :-
http://www.infoworld.com/d/microsoft-windows/windo...

--
mogs CClip 6
Member 3rd Oct, 2011 21:53
Facebook turns to Websense for malicious URL detection
The goal is to protect users from clicking on links that take them to phishing and malware sites

By Lucian Constantin | IDG News Service

Facebook has partnered with security vendor Websense to protect its users from third-party malicious URLs spammed on the social networking website, the companies said on Monday.

Facebook has been plagued by malware distribution campaigns, survey scams and other types of threats for years now and despite the company's best efforts the attacks continue.

The site's blocking mechanisms have improved over time, but spammers are very determined to find ways around them since social media has become one of the primary malware propagation channels.

Most attacks involve users clicking on links that point to malicious web pages outside of Facebook's control, so to counter this, the company passes requests to external resources through its own URL redirector.

More at :-
http://www.infoworld.com/d/security/facebook-turns...

--
mogs CClip 7
Member 4th Oct, 2011 08:59


--
mogs CClip 8
Member 4th Oct, 2011 09:06
Last edited on 4th Oct, 2011 09:06


--
mogs CClip 9
Member 4th Oct, 2011 11:31
Betfair Acknowledges Cyber Attacks

The attackers stole 2.28 million encrypted payment card account numbers and details, according to a report in The Telegraph.

October 03,
Online gambling company Betfair recently acknowledged that it was the victim of cyber attacks 18 months ago that attempted to gain access to customers' personal data.

"The company did not inform customers at the time," writes ZDNet UK's Ben Woods. "'18 months ago we were subject to an attempted data theft. Because of our security measures the data was unusable for fraudulent activity and we were able to recover the data intact,' the company said in a statement on Friday."

"However, according to a report in The Telegraph on Friday, the attackers did in fact manage to steal millions of users' sensitive details including 2.28 million encrypted payment card account numbers and details, 3.16 million account user names with encrypted security questions and 89,744 account user names with bank account details," Woods writes.

More at :-
http://www.esecurityplanet.com/hackers/betfair-ack...

--
mogs CClip 10
Member 4th Oct, 2011 22:02
Chrome Stable Channel Update
Tuesday, October 4, 2011 | 09:40
Labels: Stable updates

The Stable channel has been updated to 14.0.835.202 for Windows, Mac, Linux, and Chrome Frame. This release contains Adobe Flash Player 11, along with the stability and security fixes listed below.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[$1000] [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
[$1000] [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
[$2000] [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
[96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
[$4500] [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
[$1500] [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
[98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.
Full details about what changes have been made in this release are available in the SVN revision log. Interested in switching to another channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 11
Member 4th Oct, 2011 22:08


--
mogs CClip 12
Member 4th Oct, 2011 22:13


--
mogs CClip 13
Member 4th Oct, 2011 22:17

Mozilla aims to add silent updating to Firefox 10
Cites 'update fatigue' caused by rapid release schedule

By Gregg Keizer
October 4, 2011 12:46 PM
Computerworld - A year after it pulled the plug on silent updates in Firefox 4, Mozilla said it will debut most of the behind-the-scenes feature by early next year.

Assuming Mozilla pulls off silent upgrading this time around, it would make Firefox only the second browser to take that route. Google's Chrome has been the poster boy for automatic updates that remove the user from the equation and can't be switched off.

Mozilla did not say it was copying Chrome -- it's denied doing so with other features -- but the chairman of the Mozilla Foundation, Mitchell Baker, acknowledged what she called "update fatigue."

"In the past we have been very careful to make sure people know something is changing with their Web browser before it changes," said Baker, who heads the non-profit organization that oversees the Firefox-making Mozilla Corp. "Today people are telling us -- loudly -- that the notifications are irritating and that a silent update process is important."

More at :-
http://www.computerworld.com/s/article/9220513/Moz...

--
mogs CClip 14
Member 4th Oct, 2011 22:21
XSS web attacks could live forever, researcher warns
Cleaning up a website after a cross-site scripting attack may no longer be enough to protect its users

By Lucian Constantin
October 4, 2011 10:55 AM
IDG News Service - Websites that accidentally distribute rogue code could find it harder to undo the damage if attackers exploit widespread browser support for HTML5 local storage and an increasing tendency for heavy users of Web apps never to close their browser.

If browsers don't provide a mechanism for websites to securely recover from certain cross-site scripting attacks, the attacks could become invincible and the site at the origin of the attack remain compromised indefinitely, warned vulnerability researcher and Google security engineer Michal Zalewski in a blog posting on Saturday.

More at :-
http://www.computerworld.com/s/article/9220511/XSS...

--
mogs CClip 15
Member 4th Oct, 2011 22:26
Antivirus-evading bank malware surges

Sophisticated trojans help criminals
By Dean Wilson
Tue Oct 04 2011, 15:01

CYBER CRIMINALS ARE SENDING more banking trojans to computers worldwide, with a huge increase in the number of infections detected over the last two weeks, according to security firm Symantec.
Malware researchers noticed a massive increase in spam containing polymorphic malware, a type of virus that constantly changes its appearance to avoid being detected by antivirus software, Krebsonsecurity reported.
Symantec also identified a surge in this form of malware, jumping from 18.5 per cent in August to 72 per cent in September, which shows a sharp change from traditional malware to this more sophisticated form that appears to be netting criminals significantly more money than more familiar trojans and viruses.

More at :-
http://www.theinquirer.net/inquirer/news/2114335/a...

--
mogs CClip 16
Member 5th Oct, 2011 09:25

Chrome Beta Channel Update
Tuesday, October 4, 2011 | 16:55
Labels: Beta updates

The Beta channel has been updated to 15.0.874.81 for Windows, Mac, Linux, ChromeFrame platforms

All
Updated V8 - 3.5.10.15
Match main window notification subscription/unsubscription in BookmarkBarController
Fixed a deadlock induced by this pref being set in response to bookmark sync events (97955)
Enable floating bookmarks bar for NTP4 for M15 beta branch (98572)

Windows
Prevent a rendering error on Windows where content behind Chrome may render in front of the Chrome window (97808)
Added heuristic for fixing the alpha channel when reading clipboard images on Windows (97160)

Mac
Fixed bug where dragging bookmark-lets containing mixed character escape sequences (89394, 86643, 82283)
Fixed bug where previously minimized windows will re-minimize (97238)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Beta channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg

--
mogs CClip 17
Member 5th Oct, 2011 09:32

Mozilla advises Firefox users to disable McAfee plugin
McAfee ScriptScan could cause stability or security problems and is responsible for browser crashes, according to Mozilla
By Robert McMillan | IDG News Service

It's the last thing McAfee would want users to hear about one of its products, but the Firefox browser is advising users to disable McAfee's ScriptScan software, saying that it could cause "stability or security problems."

ScriptScan ships with McAfee's VirusScan antivirus program. It's designed to keep Web surfers safe by scanning for any malicious scripting code that might be running in the browser. But according to Mozilla it has an unintended side-effect: It can cause Firefox to crash... a lot.

In a note posted to its website, Mozilla said that the add-on "causes a high volume of crashes," and is "strongly encouraging" users to disable the software. The warning applies to all users of version 14.4.0 and below of the plugin, Mozilla said.

The Firefox browser started popping up warning messages Monday, advising that users disable the software.

In McAfee user forums, there is a smattering of complaints about the Firefox problem.

More at :-
http://www.infoworld.com/d/applications/mozilla-ad...

--
mogs CClip 18
Member 5th Oct, 2011 11:23


--
mogs CClip 19
Member 5th Oct, 2011 11:29


--
mogs CClip 20
Member 5th Oct, 2011 16:39


--
mogs CClip 21
Member 5th Oct, 2011 16:46


--
mogs CClip 22
Member 5th Oct, 2011 19:52


--
mogs CClip 23
Member 6th Oct, 2011 09:13
Update: BofA site outages called 'unprecedented'
The bank has replaced its standard online Web page with an alternate

By Lucas Mearian

Computerworld - The six days of online brownouts and slowdowns that have plagued Bank of America's website are "unprecedented," a leading Internet and mobile cloud monitoring service said today.

"I don't think we've seen as significant and as long an outage with any bank. And I've been with Keynote for 16 years now," said Shawn White, vice president of operations for web monitoring service Keynote Systems. "It's particularly shocking precisely because these banks know how critical it is for their online customers to be able to access their bank account. It's so personal and dear to them."

Bank of America (BofA) said its Web and mobile services have not been hit by hacking or denial-of-service attacks. But the nation's largest bank would not disclose what's causing its online problems.

The bank also said it has substituted its standard homepage with an alternate one to help in user navigation.

More at :-
http://www.computerworld.com/s/article/9220562/Upd...

--
mogs CClip 24
Member 6th Oct, 2011 09:17
NSS Labs offers reward money for fresh exploits
The company has set aside $4,400 for rewards for working exploits for 12 vulnerabilities
By Jeremy Kirk | IDG News Service

NSS Labs is sweetening the pot for its ExploitHub marketplace by offering rewards to security gurus who can write working exploits for a dozen "high-value" vulnerabilities.

The company, which has set aside $4,400 in reward money, plans to give $100 to $500 to the first people to submit a working exploit for the vulnerabilities. Ten of the vulnerabilities concern Microsoft's Internet Explorer browser, and two were found in Adobe's Flash multimedia program.

More at :-
http://www.infoworld.com/d/security/nss-labs-offer...

--
mogs CClip 25
Member 6th Oct, 2011 09:23
VMware Gets Security Updates

The updates patch a vulnerability that could allow attackers to execute arbitrary code.

Updates were recently released for VMware, patching a vulnerability that could allow attackers to execute arbitrary code.

"The vulnerability lies in the way UDF filesystems are handled within VMware's Workstation, Player, and Fusion applications, and could be exploited by an attacker to execute code should a user install software from a specially crafted malicious ISO image," The H Security reports. "The problem was discovered by an anonymous person via the SecuriTeam Secure Disclosure program, and is believed to be present on all host operating systems."

"VMware versions up to and including Workstation 7.1.4, Player 3.1.4, and Fusion 3.1.2 are affected; other products are not vulnerable," the article states.

Go to "VMware patches buffer overflow in legacy products" to read the details.

http://www.esecurityplanet.com/patches/vmware-gets...

--
mogs CClip 26
Member 6th Oct, 2011 20:25


--
mogs CClip 27
Member 6th Oct, 2011 20:30


--
mogs CClip 28
Member 6th Oct, 2011 20:39
Halloween-themed black hat SEO attacks have already started

Skeleton template searches lead to malware
By Lucian Constantin
Thu Oct 06 2011, 15:44

WEB SECURITY VENDOR Websense warns about black hat internet search engine optimization (BHSEO) attacks that poison Google's search results related to Halloween.
It's a known fact that cyber criminals don't miss any chance to profit from events that grab the public's attention. Be they holidays, natural disasters or celebrity deaths, everything is fair game for these people.
It's no surprise to see search result poisoning campaigns targeting Halloween, but it is a little unusual to see such attacks nearly one month before the holiday.
"We start with the search term 'halloween skeleton templates,' which brings up a poisoned search result. The link redirects users to what appears to be a fake YouTube site," the Websense security researchers explain.

More at :-
http://www.theinquirer.net/inquirer/news/2115280/h...

--
mogs CClip 29
Member 6th Oct, 2011 20:45


--
mogs CClip 30
Member 6th Oct, 2011 22:11
SpyEye steals banking codes by sending them to wrong phone
The new variant of the malware circumvents mobile SMS security procedures

By Lucian Constantin | IDG News Service


Researchers from browser security vendor Trusteer have identified a new variant of the SpyEye financial Trojan that tricks online banking users into changing the phone numbers associated with their accounts.

"The Trusteer research team recently uncovered a stealth new attack carried out by the SpyEye Trojan that circumvents mobile SMS (short message service) security measures implemented by many banks," said Amit Klein, Trusteer's chief technology officer, in a blog post.

"This attack, when successful, enables the thieves to make transactions on the user's account and confirm the transactions without the user's knowledge," he warned.

Read more at :-
http://www.infoworld.com/d/security/spyeye-steals-...

--
mogs CClip 31
Member 7th Oct, 2011 08:01
Chrome Beta Channel Update
Thursday, October 6, 2011 | 15:52
Labels: Beta updates
The Beta channel has been updated to 15.0.874.83 for Windows, Mac, Linux, ChromeFrame platforms

All
Updated V8 - 3.5.10.16
Only deliver extension messages to contexts that care (96544, 76571)
Fix scrolling of full-frame pdf docs in accelerated compositing mode (93482)
Mac
Fixed PDF printing so headers and footers will only be added for HTML pages. (95225)
Fix speech input keyboard shortcut (97902)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Beta channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

--
mogs CClip 32
Member 7th Oct, 2011 08:06
Last edited on 7th Oct, 2011 08:07


--
mogs CClip 33
Member 7th Oct, 2011 21:03
Dutch SNS Bank Impersonated in Phishing Campaign

The Dutch financial institution is realistically impersonated in the latest spam campaign that's been seen in the wild, joining the club of phishing expeditions that rely on attachments to do their thing.


It's not the first time we see a legitimate website being replicated in detail, as recently, PayPal also seemed to be sending out emails that announced unsuccessful transactions.

Mxlabs shows us the message that seems to be coming from the spoofed location SNS Bank <admin@72.29.75.183.com>, announcing the unsuspecting victim that his bank account needs to be verified as soon as possible.



The attachment, called SNS_RekeningActiveren, opens a form in the user's browser that requires him to complete a number of textfields that contain all sorts of sensitive information, including PIN number.

After the Submit button is hit, the data is sent to a Canadian domain which most likely is controlled by the masterminds behind the operation.

As the content of the email and the form is entirely in Dutch, the spam campaign most likely targets people from the Netherlands, but this is a very good example of phishing attempts that are carefully designed to be taken seriously. In the images contained in the article you can very well see the almost perfect resemblance.

Cybercriminals noticed the fact that emails written in a hurry, with a lot of grammar errors and filled with incorrect information mostly fail, so they turn to these more sophisticated attempts which were developed over a longer time period.

More at :-
http://news.softpedia.com/news/Dutch-SNS-Bank-Impe...

--
mogs CClip 34
Member 7th Oct, 2011 21:09


--
mogs CClip 35
Member 7th Oct, 2011 21:18
Microsoft to ship last service pack for Office 2007 this month
Gives customers a six-month window to test and deploy before suite leaves mainstream support next April

By Gregg Keizer

Computerworld - Microsoft yesterday announced it will ship a third and final service pack update for Office 2007 before year's end.

It appears that Microsoft will deliver Office 2007 Service Pack 3 (SP3) this month.

"The October 2011 release provides a six-month window to test and deploy the release prior to exiting mainstream support," Microsoft said in a blog post Thursday.

Office 2007, which went on general sale in January 2007 alongside Windows Vista, exits what Microsoft calls "mainstream support" in April 2012.

The suite will continue to be updated with security fixes for another five years after that, through April 11, 2017, during the "extended support" phase.

More at :-
http://www.computerworld.com/s/article/9220642/Mic...

--
mogs CClip 36
Member 8th Oct, 2011 17:25
Microsoft plans to fix 23 bugs on Patch Tuesday, two of them critical.

By Stuart J. Johnston

Patch Tuesday won't bring a lot of heavy lifting on October 11, but IT security administrators will still have two critical patches to apply. One affects all supported versions of Internet Explorer (IE).

In October, Microsoft is planning to release eight patches that fix a total of some 23 bugs.

According to a post on the Microsoft Security Response Center (MSRC) blog, this month's patches run the gamut from IE, .NET Framework and Silverlight, Microsoft Windows, Microsoft Forefront UAG (Unified Access Gateway), and Microsoft Host Integration Server.

At the top of the list in October are patches for IE which, for many versions of Microsoft's preeminent Web browser, are rated "critical" -- the highest-priority rating on the company's four-tier severity ranking scale.

Prior to actually releasing a patch, Microsoft does not disclose details about the bugs it fixes, so as not to give crackers any hints before a patch is available for download.

Although details of the IE patch have not been revealed yet, the notification does say that installing the patch will require a system restart.

Meanwhile, the second high-priority patch is rated critical for all versions of Windows, including Windows XP Service Pack 3 up through Windows 7. However, that patch only says it "may require" a restart after installation.

As far as the rest, those patches are mostly rated "important," Microsoft's second highest priority ranking. Most of those, too, will require a restart, however.

"For the patches in general, nearly all require a restart which will cause widespread disruptions across both Internet connected servers and user community desktops," Paul Henry, security and forensic analyst for researcher Lumension, said in an email to InternetNews.com.

http://www.esecurityplanet.com/patches/two-critica...

--
mogs CClip 37
Member 8th Oct, 2011 17:36


--
mogs CClip 38
Member 8th Oct, 2011 17:40


--
mogs CClip 39
Member 10th Oct, 2011 10:37


--
mogs CClip 40
Member 10th Oct, 2011 10:40

Dart, Google's Ambitious Plan to Replace JavaScript, Has Been Released Publicly

Dart, Google's programming language designed to replace JavaScript, is making its debut with the introduction of an "early preview" of the language.

Google has high hopes for Dart, but since this is the first public release of anything related to the actual code it remains to be seen whether it achieves what Google set out to do.

Perhaps more importantly, it also remains to be seen whether the community will adopt it and start using it in any meaningful numbers.

"Today we are introducing an early preview of Dart, a class-based optionally typed programming language for building web applications," Lars Bak, a software engineer on the Dart Team, announced.


Google still has some work to do on Dart; it's been working on it for quite some time too, and it was initially called Dash. But it is comfortable enough with what it's got ready to release it to the public.

Dart was created to replace JavaScript as the de facto programming language of the web, in particular for web applications.

Google believed that some of JavaScript's limitations were impossible to overcome by evolving the language, so it created its own.

More at :-
http://news.softpedia.com/news/Dart-Google-s-Ambit...

--
mogs CClip 41
Member 10th Oct, 2011 12:57

Xbox Code Generator Promises Cypher but Delivers Malware

A new attempt of spreading malware has been seen in an old Xbox Code Generator scam that tries to dupe unsuspecting users by making it look as real as possible.

Sunbeltblog discovered an ad on various video sharing websites which promises internauts an app that will generate a functional cypher.


Unlike other such scams, it doesn't directly spread malware and it doesn't ask for information, instead, this one first redirects the victim to a number of websites which all advertise the download of a piece of software.

Once the alleged code supplier is downloaded and executed, it opens what seems to be a genuine code generator which gives a series of invalid codes. To make everything look more real, at the bottom of the window a message is posted.

It reads "This version uses an outdated formula. The keys generated may not produce correct codes. Upgrade to 1.17"

If the update button is hit, you are taken to a .tk location that now seems to be legit. According to the source, the mastermind behind the operation might have changed the malicious page with a sports-related page in order to prevent the domain from being shut down, but it was too late.

Even though most of the sites related to the malicious operation were shut down, it's always good to know about these things as you never know when they might reappear under a slightly different form.

More at :-
http://news.softpedia.com/news/Xbox-Code-Generator...

--
mogs CClip 42
Member 10th Oct, 2011 14:18


--
mogs CClip 43
Member 10th Oct, 2011 15:41


--
mogs CClip 44
Member 11th Oct, 2011 07:49


--
mogs CCLIP 45
Member 11th Oct, 2011 21:56


--
mogs CClip 46
Member 11th Oct, 2011 22:16


--
mogs CClip 47
Member 11th Oct, 2011 22:24
Many websites 'leaking' personal info to other firms
Websites are sharing usernames and other personal information with advertising partners, a Stanford study says

By Grant Gross
October 11, 2011 02:34 PM
IDG News Service - Many top websites share their visitors' names, usernames or other personal information with their partners without telling users and, in some cases, without knowing they're doing it, according to a new study from Stanford University.

Many websites "leak" usernames to third-party advertising networks by including usernames in URLs that the ad networks can see in referrer headers, said the study, released Tuesday by Stanford Law School's Center for Internet and Society. While there's a debate in legal circles whether usernames are personal information, there's a growing consensus among computer scientists that Web-based companies can use usernames to identify their owners, said Jonathan Mayer, a Stanford graduate student who led the study.

Read more at :-
http://www.computerworld.com/s/article/9220731/Man...

--
mogs CClip 48
Member 12th Oct, 2011 07:39

PC infected? Blame yourself, Microsoft report concludes
Patchable vulnerabilities -- particularly Java-based holes -- account for the vast majority of malware infections

By Julie Bort | Network World

Zero-day exploits are nerve-racking for IT professionals but are far less dangerous than unpatched older vulnerabilities for which fixes are available, Microsoft says.

A zero-day is a vulnerability for which a patch is not yet available. These accounted for less than 1 percent of all detected infections in the first half of 2011, according to Microsoft's latest security research report. Instead, Microsoft finds that Java remains the worst cause of infections -- and old Java at that, with patches long since available.


"Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters," says the Microsoft Security Intelligence Report Volume 11, released Tuesday. [Full report PDF]. Java attacks include infections from holes in the Java Runtime Environment, Java Virtual Machine, and Java SE in the Java Development Kit.

Like previous versions of this report, Microsoft finds that nearly all infections could have been stopped if the user had been using the latest version of software or had not clicked on a malware-laced link. Note that the report is limited to instances of attacks that Microsoft can detect through its Malicious Software Removal Tool and its other anti-malware products. Zero-day attacks that it cannot detect would not be calculated in its findings. Using these, the company analyzed security incidents from more than 600 million systems in more than 100 countries for the first half of 2011, many of them Windows PCs owned by consumers or small businesses without dedicated IT staff.

Read more at :-
http://www.infoworld.com/d/security/pc-infected-bl...

--
mogs CClip 49
Member 12th Oct, 2011 07:45

YesAsia Does Not Spam Customers with Fake Bills

A well-known online retailer's name is used in the latest spam campaign that's been spotted in the inboxes of potential victims, pretending to ask confirmation for an order that was never actually made.

According to Graham Cluley, the example he saw claimed that the victim purchased an external hard drive and a webcam which cost a total of almost $500 (350 EUR), a fact which could scare anyone.


The unsuspecting internauts could rush to click on the link provided in the email to see how this could be possible, but instead of receiving explanations, they end up with a zip file that contains malicious elements which take over the device.

As we see in this case, the cybercriminals registered a domain called yesasia-invoices.com just for the occasion, to make the whole thing look more legit.

Another thing that makes the scam look more real is that the messages seem to be coming from an automated service. This combined with the cleverly crafted domain could easily fool anyone.

More at :-
http://news.softpedia.com/news/YesAsia-Does-Not-Sp...

--
mogs CClip 50
Member 12th Oct, 2011 20:45

The SSL certificate industry can and should be replaced
By Ellen Messmer
October 12, 2011 10:38 AM
Network World - The SSL certificate authorities like Comodo that have had their security undermined by hackers shouldn't be trusted, and in fact, the way the entire SSL certificate industry of today works can and should be replaced with something better, says Moxie Marlinspike, a security expert who's come up with a plan he says will do that.

Marlinspike's plan, unveiled last August at the Black Hat Conference, is called "Convergence," and it's gaining some momentum, particularly after the shocking hacker attacks on DigiNotar, GlobalSign, Comodo and other SSL certificate authorities of late that resulted in fake certificates coming into use on the web, including a fake Google certificate, since revoked.

Read more at :-
http://www.computerworld.com/s/article/9220763/The...

--
mogs CClip 51
Member 12th Oct, 2011 20:49


--
mogs CClip 52
Member 12th Oct, 2011 20:53


--
mogs CClip 53
Member 13th Oct, 2011 08:41
Chrome Beta Channel Update
Wednesday, October 12, 2011 | 15:20
Labels: Beta updates
The Beta channel has been updated to 15.0.874.92 for Windows, Mac, Linux, and ChromeFrame platforms

All
Updated V8 - 3.5.10.17
Fixed crash during Print Preview (96063)
Fixed excessive margins in printing (92000)
Fixed large downloads don't show progress (94468)
Fixed Netflix/Silverlight error (97319)
Disabled acceleration for background pages (96006)
Restored the old bookmark menus (93674)
Added support for an optional "requirements" section in extension/app manifests (99241)
Windows
Fixed window rendering issue on focus (90386)
More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Beta channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

--
mogs CClip 54
Member 13th Oct, 2011 08:45


--
mogs CClip 55
Member 13th Oct, 2011 08:52
Last edited on 13th Oct, 2011 08:55
VLC Media Player Gets Security Update

Version 1.1.12 patches a vulnerability that could be exploited by an attacker to crash the server process.

VideoLAN recently announced the release of version 1.1.12 of its VLC Media Player.

"The maintenance and security update addresses a NULL dereference vulnerability in the HTTP and RTSP server component used by VLC which could be exploited by an attacker to crash the server process," The H Security reports.

"For an attack to be successful, a victim must have started VLC server and manually started the HTTP web interface, HTTP output, RTSP output or RTSP VoD functions," the article states.

Go to "VLC Media Player 1.1.12 closes security hole" to read the details.

http://www.esecurityplanet.com/patches/vlc-media-p...

--
mogs CClip 56
Member 13th Oct, 2011 08:56
iTunes for Windows Updated to Patch Security Flaws

The update patches a total of 79 vulnerabilities.


Apple has released iTunes 10.5 for Windows, patching several security flaws.

"The security patch, available for Windows 7, Windows Vista and Windows XP SP2, fixes a total of 79 documented vulnerabilities," writes ZDNet's Ryan Naraine. "The most serious of these flaws could allow remote code execution attacks via booby-trapped image or movie files."

"Details on the vulnerabilities can be found in this Apple security advisory," Naraine writes.

Go to "Apple slaps another security band-aid on iTunes" to read the details.

http://www.esecurityplanet.com/patches/itunes-for-...

--
mogs CClip 57
Member 13th Oct, 2011 11:34
EU bans pre-ticked website boxes to aid consumers

Consumers will be exempt from costs of which they were not 'properly informed' before purchase

"Pre-ticked" boxes on shopping websites will be banned in European Union states under newly approved legislation.

EU ministers meeting in Luxembourg have passed a set of rules aimed at strengthening consumer rights, which the EU parliament backed in June.

They mean online traders will have to disclose the total cost of a product - including fees - and customers will have to actively opt-in to extras.

Member countries will have two years to implement the rules nationally.

'Cooling off' period
Announcing the legislation had been passed, the European Commission cited the example of buying airline tickets online, when customers may have needed to actively decline optional extras such as travel insurance.

"With the new directive, pre-ticked boxes will be banned across the European Union," it said in a statement.

Read more at :-
http://www.bbc.co.uk/news/world-europe-15260748

--
mogs CClip 58
Member 13th Oct, 2011 12:37
300,000 Websites Fall Victim to ASP Mass Infection

Google reveals another mass infection which affected hundreds of thousands of sites that relied on ASP or ASP.NET web application frameworks.

Armorize informed us of the incident, but since the announcement was made, the number of infected websites has doubled, reaching more than 300,000.


A malicious script that points to "jjghui(dot)com/urchin(dot)js" got injected into the victim locations which the researchers reveal to be targeting English, German, French and other language speakers.

Unfortunately, internauts with outdated browser components get instantly infected when they visit one of the compromised locations, without even realizing what hit them and even though the drive-by download attack seems to be targeting only the websites based on the above mentioned framework, there are plenty of victims to choose from.

More at :-
http://news.softpedia.com/news/300-000-Websites-Fa...

--
mogs CClip 59
Member 13th Oct, 2011 12:52


--
mogs CClip 60
Member 13th Oct, 2011 14:03
Facing closure, OpenOffice.org begs for survival
As the latest team behind the free productivity suite cries, 'OpenOffice.org can't be allowed to die!'

By Katherine Noyes | PC World

The OpenOffice.org office productivity suite has had something of a wild ride ever since it fell into Oracle's hands with the acquisition of Sun early last year, and now it looks like that ride may be coming to an end.

Oracle divested itself of OpenOffice.org in June -- donating it instead to the Apache Software Foundation Incubator -- and now the project is in trouble. Today, the Germany-based team now keeping it up plans to launch a major fundraising campaign with the simple goal of keeping the software alive.

"The brains behind OpenOffice.org want the open source software to continue as an association and to finance the continued development of the associated programs and user support through donations," reads the group's announcement, adding that the end of OpenOffice.org would be disastrous.

Read more at :-
http://www.infoworld.com/d/open-source-software/fa...

--
mogs CClip 61
Member 13th Oct, 2011 17:36


--
mogs CClip 62
Member 13th Oct, 2011 17:50
Mac OS X security update causes crashes, say experts
Apple's massive security update addresses more than 70 vulnerabilities, but installing the patches could render computers unbootable
By Lucian Constantin | IDG News Service

Apple has released a massive security update for Mac OS X along with a new version of its OS, however, according to several reports, installing the patches could render computers unbootable.

The Mac OS X Security Update 2011-006 addresses more than 70 vulnerabilities in core components, as well as third-party products bundled by default with the OS.

http://www.infoworld.com/d/security/mac-os-x-secur...

--
mogs CClip 63
Member 14th Oct, 2011 23:47


--
mogs CClip 64
Member 14th Oct, 2011 23:52


--
mogs CClip 65
Member 14th Oct, 2011 23:58

Bing, Yahoo sponsored results lead to hard-to-remove rootkit
Searching for Flash Player can lead to rogue pages

By Lucian Constantin
October 14, 2011 10:37 AM ET
IDG News Service - Searching for Flash Player on Bing and Yahoo can lead to rogue pages distributing a hard-to-remove rootkit, according to security researchers from antivirus vendor GFI Software.

The problem resides with the so-called sponsored results, the advertisements displayed at the top of search results for particular keywords. These look slightly different from the organic results normally returned by Bing's algorithm, but close enough for users to frequently click on them.

In the new attack observed by GFI Software, a sponsored result shown when searching for "Adobe Flash" linked to a page called "Download Flash Player" under the GetAdobeFlash.com domain.

However, according to Alex Eckelberry, vice president and general manager of the security software division at GFI, clicking on the link redirected users to a rogue page that was advertising Flash Player 10 but distributed a dangerous rootkit instead.

"In this case, we're talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the 'net right now," said Eckelberry. "Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting)," he added.

Read more at :-
http://www.computerworld.com/s/article/9220859/Bin...

--
mogs CClip 66
Member 15th Oct, 2011 10:24


--
mogs CClip 67
Member 15th Oct, 2011 10:58


--
mogs CClip 68
Member 15th Oct, 2011 11:11
'They' Really Are Watching You

Your friends may say you're paranoid but this time you might be right.

By Paul Rubens

Advertising networks, Web analytics companies and just about anyone else who's interested can track your online activity thanks to the unique digital fingerprints your Web browser leaves at every site you visit.

The simplest way that an advertising network can track you is by putting a "third party" browser cookie on your computer when you visit a site to which it supplies advertisements. When you visit another site that uses the same advertising network you can be identified by that cookie. As time goes on, it will build up a picture of your browsing habits.

But your browser's cookie storage is not the only place that websites can place information to track you. Researcher Ashkan Soltani recently revealed how San Francisco, CA-based analytics firm KISSmetrics uses "supercookies" -- cookies that recreate themselves (or respawn) -- after they are deleted. This is done using information the company stores in a variety of places such as the storage area on your hard drive used by Adobe Flash (effectively creating a Flash cookie), a local storage area used by HTML5 (creating an HTML5 cookie), and in ETags in your browser cache -- pieces of data that a browser stores to help it work out if the contents of its cache are up to date. They were never designed to store cookie data.

KISSmetrics' system can track your Web usage even if you are using your browser in private mode, have set your browser not to accept cookies, delete your browser's cookies (because they respawn) and even if you use multiple browsers.

If you think things couldn't get any worse, think again. Researcher Samy Kamkar illustrates the point with Evercookie, a Javascript API that produces "extremely persistent cookies in a browser" that would enable a tracking company to identify your browser by replicating standard cookie information in no fewer than 13 different places including

Read more at :-
http://www.esecurityplanet.com/browser-security/th...

--
mogs CClip 69
Member 15th Oct, 2011 21:56


--
mogs CClip 70
Member 15th Oct, 2011 22:01
Mozilla Highlights the Steps It Takes to Keep Firefox Add-ons Safe from Malicious Sites

Browser extensions and add-ons are great for extending functionality and customizing the experience to enable users to get the most out of their browsers. Firefox solidified and popularized the concept, leading to all browsers offering some way of extending functionality.

But the flip side of this is that it opens up core parts of the browser and even the system to third-party developers and that it also creates potential vulnerable points in a browser since many add-ons take fewer security precautions than the browsers themselves and add-on developers may be less experienced with these issues as well.


The solution to this is to design the add-on platform in such a way as to remove or limit the danger of exposing powerful functionality to web pages via add-ons.

Mozilla is showcasing some of the things it's done with the Add-on SDK, formerly known as Jetpack, its web technology-based add-on platform to ensure that add-ons aren't a weak point.

The most important thing it's done is to isolate the different layers of functionality and content. The idea is to make it as hard as possible for web content, which is by definition untrusted and could be malicious, to access the browser or the user's system underneath.

Read more at :-
http://news.softpedia.com/news/Mozilla-Highlights-...

--
mogs CClip 71
Member 16th Oct, 2011 09:25
StaySafeOnline.org Infected with Malware

The security awareness Web site pushed malware to visitors from October 5 to 11.

The National Cyber Security Alliance says the security awareness Web site StaySafeOnline.org hosted a malicious iFrame that pushed malware to visitors from October 5 to 11.

"Security professionals including those from the US based Multi State Information Sharing and Analysis Centre (MS-ISAC) alerted the alliance to the problem," SC Magazine reports.

"Staysafeonline.org was taken offline until the infection was removed," the article states.

Go to "Stay Safe Online.org pushes malware" to read the details.

http://www.esecurityplanet.com/malware/staysafeonl...

--
mogs CClip 72
Member 16th Oct, 2011 09:58


--
mogs CClip 73
Member 17th Oct, 2011 19:07
Security suffers when firms sue researchers who report flaws
A researcher gets visited by police and threatened by lawyers after finding a flaw in the website of a pension fund. Time for a better way
By Robert Lemos | InfoWorld


The disclosure of vulnerabilities has always caused friction between the researchers who find flaws and the software firms who have to deal with fixing defects in their products.

Nowhere is this friction higher than when a researcher finds a flaw in a production website. Last week, for example, Australian security consultant Patrick Webster reportedly found a flaw in the website of pension fund First State Superannuation. Initially the company worked with Webster, but soon the security researcher received a visit from the police and threats from the company's lawyers, according to security site Risky.biz.

Read more at :-
http://www.infoworld.com/t/web-security/security-s...

--
mogs CClip 74
Member 17th Oct, 2011 19:17
Apache announces Openoffice is now an official project

Tries to steady the ship
By Lawrence Latif

THE APACHE SOFTWARE FOUNDATION (ASF) has announced that Openoffice is now an Apache Project.
The ASF said that Openoffice, which will be known as Apache Openoffice.org (incubating), will be developed under the organisation's "meritocratic process informally dubbed The Apache Way". The statement comes after a week in which there were fears that the Openoffice.org project would hit the buffers.
Early last week Openoffice.org issued a distressing press release titled "Open-Source Software Defends Itself Against Looming Shut-Down", essentially asking for donations. The contents of the press release were just as blunt as the title, saying, "In order for OpenOffice.org to continue to be professionally developed, Team Openoffice.org will have to rely on donations."
Since Oracle acquired Sun there have been lingering doubts about whether the company would continue to support Openoffice, which until recently was seen as the primary competitor to Microsoft's Office suite.

Read more at :-
http://www.theinquirer.net/inquirer/news/2117644/a...

--
mogs CClip 75
Member 17th Oct, 2011 19:20
ICANN steps in to host the timezone database

In the nick of time
By Lawrence Latif
Mon Oct 17 2011, 15:43

INTERNET ADDRESS OUTFIT, the Internet Corporation for Assigned Names and Numbers (ICANN) has taken over hosting the international timezone database.
Last week it was revealed that the timezone database that has for years been maintained by volunteers had been taken offline following a legal dispute with Astrolabe Inc. Now ICANN has stepped up to host the database while knowing full well of the ongoing lawsuit.
Astrolabe argued that the two volunteers should pay royalties for including data from its software. ICANN has said it will keep the historical data in the database it is hosting.
Kim Davis, a technical manager at ICANN told USA Today, "We are aware of the lawsuit ... we believe it's important to continue the operation of the database. We'll deal with any legal matters as they arise."

More at :-
http://www.theinquirer.net/inquirer/news/2117699/i...

--
mogs CClip 76
Member 17th Oct, 2011 19:24


--
mogs CClip 77
Member 17th Oct, 2011 19:31


--
mogs CClip 78
Member 18th Oct, 2011 10:48
Security Researchers Warn of Malicious Bing Ads

An ad claiming to link to an Adobe Flash download site instead links to the ZeroAccess Trojan.

GFI Software researchers warn that searches on Bing for Adobe Flash can bring up an ad claiming to link to a Flash 10 download site.

"Of course, what those users get isn't Flash, but a kick in the digital teeth in the form of the ZeroAccess Trojan," writes Threatpost's Dennis Fisher. "This piece of malware, also known as Max++ and Sirefef, is a particularly ugly pest and includes some rootkit functionality that gives it the ability to stay resident on an infected machine even after cleanup attempts and reboots."

"ZeroAccess also is being used in an ongoing attack discovered last week by researchers at Dell SecureWorks in which users are redirected from compromised sites to an attack site that installs the Trojan," Fisher writes.

Go to "Malicious Ads on Bing Lead to ZeroAccess Trojan" to read the details.

http://www.esecurityplanet.com/malware/security-re...

--
mogs CClip 79
Member 18th Oct, 2011 10:56


--
mogs CClip 80
Member 18th Oct, 2011 11:00


--
mogs CClip 81
Member 18th Oct, 2011 11:03
Report Shows DoS Attacks as Hacker's Favorite Weapons

Almost a quarter of all cyber masterminds prefer to use DoS or DDoS attacks, while 19% rely on SQL injections to complete their evil missions.

After doing some digging on a popular hacker forum, the guys at Imperva came up with a report called "Hacker Intelligence Initiative, Monthly Trend Report", that shows these are the favorite means of attack, most deployed by cybercriminals.


Disturbing is the fact that most of the discussions on the tested website refer to tutorials for beginners, tools, programs and methods of hitting a site. Social engineering takes up 3% of the topics and instant messaging hacks come almost last with 2%.

In the past years, the subjects of debate haven't changed that much, but they've considerably increased. Spam, DoS, buffer overflows and zero-day vulnerabilities occupy the first positions when it comes to the growth of conversations.

More at :-
http://news.softpedia.com/news/Report-Shows-Hacker...

--
mogs CClip 82
Member 18th Oct, 2011 16:52


--
mogs CClip 83
Member 18th Oct, 2011 17:55


--
mogs CClip 84
Member 18th Oct, 2011 18:01
Oracle patch batch affects 'hundreds' of products
Some 76 patches will be issued by Oracle on Tuesday, but the most serious fix is for Oracle's Solaris OS

By Chris Kanaracus | IDG News Service

Oracle on Tuesday will release 76 patches affecting hundreds of its products as well as Java SE.

Fifty-six of the patches are aimed at Oracle products, and due to the danger of a successful attack, customers should apply them immediately, Oracle said.

Read more at :-
http://www.infoworld.com/d/security/oracle-patch-b...

--
mogs CClip 85
Member 19th Oct, 2011 09:26


--
mogs CClip 86
Member 19th Oct, 2011 09:36
Duqu Trojan a precursor to next Stuxnet, Symantec warns
New malware shares Stuxnet code, targets makers of industrial control systems

By Jaikumar Vijayan
October 18, 2011 03:53 PM ET
Computerworld - Security vendor Symantec is warning of a new malware threat that it says could be a precursor to the next Stuxnet.

The new threat, dubbed W32.Duqu, is a remote access Trojan (RAT) that appears to have been written by the authors of Stuxnet, or at least by someone who has access to Stuxnet source code, Symantec said in a report released today.

Read more at :-
http://www.computerworld.com/s/article/9220969/Duq...

--
mogs CClip 87
Member 19th Oct, 2011 09:41
The UK will strike first in cyber warfare, says foreign secretary

Weapons have been developed
By Kate O'Flaherty
Tue Oct 18 2011, 16:18
THE UK has developed weapons to counter the threat from hackers and will strike first to protect itself, according to Foreign Secretary William Hague.
Hague has warned that the Government is investing heavily in deterrents but admitted he could not be certain they would be sufficient in repelling cyber attacks.
He told the Sun, "We will defend ourselves in every way we can, not only to deflect but to prevent attacks that we know are taking place.
"We are trying to prevent an arms race in cyber space. Given that the internet changes every day and billions more people will have access to it over the coming years, the potential for that arms race to grow and go out of control is enormous.
"There is no 100 per cent defence against this, just as there isn't against any other form of attack. We have to defend critical national infrastructure. We have to defend national security. We have to defend our entire commercial and economic system."
Hague added that although the UK Government is determined that such major attacks will not get through, "you now have to assume that they will be attempted".

More at :-
http://www.theinquirer.net/inquirer/news/2118012/u...

--
mogs CClip 88
Member 19th Oct, 2011 09:44


--
mogs CClip 89
Member 19th Oct, 2011 09:47


--
mogs CClip 90
Member 19th Oct, 2011 17:23


--
mogs CClip 91
Member 19th Oct, 2011 17:27


--
mogs CClip 92
Member 19th Oct, 2011 17:33


--
mogs CClip 93
Member 19th Oct, 2011 18:17
Last edited on 19th Oct, 2011 18:19
South African Bank's Name Used in Phishing Campaign
Bank account phishing seems to be at an all-time high, with the names and reputations of many institutions being used in the latest schemes.

MalwareCity discovered another hoax that replicates almost perfectly the official website of Nedbank, one of the largest banks in South Africa.

It looks as if the bank's customers are faced with a link that's supposed to take them to a page that will allow them to verify their account details. The rogue replica is filled with malicious scripts that make sure all the information provided by the unsuspecting victim is transmitted to the hackers that launched the phish.

The repository's name or the country are not that important. What's really important is the fact that cybercriminals just don't give up when it comes to stealing your credentials and other sensitive data. Keep them protected by avoiding any emails that seem suspicious, even if they seem to be coming from a legitimate institution.

http://news.softpedia.com/news/South-African-Bank-...

--
mogs CClip 94
Member 19th Oct, 2011 18:39


--
mogs CClip 95
Member 20th Oct, 2011 07:37
Chrome Beta Channel Update
Wednesday, October 19, 2011 | 16:48
Labels: Beta updates
The Beta channel has been updated to 15.0.874.100 for Windows, Mac, Linux, and ChromeFrame platforms



All
Updated V8 - 3.5.10.22
Numerous buffering fixes and optimizations for HTML5 media elements. (99775, 99749, 100439)
Tuned the omnibox to recognize more types of inputs as intranet navigations (99131, 94806)
Fixed several crashes and hangs (98975, 98948, 98955, 96861)
Fixed Omnibox enters keyword search mode incorrectly (95454)
Linux
Fixed partially visible toolbar in fullscreen mode (97177)
More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Beta channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

--
mogs CClip 96
Member 20th Oct, 2011 20:45
Adobe to fix Flash flaw that allows webcam spying
The flaw is similar to one disclosed in 2008
IDG News Service - Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people's webcams or microphones without their knowledge.

The issue was discovered by a Stanford University computer science student named Feross Aboukhadijeh who based his proof-of-concept exploit on a similar one disclosed back in 2008 by an anonymous researcher.

Technically known as user interface (UI) redressing, clickjacking is a type of attack that combines legitimate Web programming features, like CSS opacity and positioning, with social engineering to trick users into initiating unwanted actions.

More at :-
http://www.computerworld.com/s/article/9221052/Ado...

--
mogs CClip 97
Member 20th Oct, 2011 20:59

Fake AVG Download Sites Steal Bank Accounts

Rogue AVG offering sites are designed to look serious and genuine but in fact, they're only after your credit card information and as a bonus you might even receive a malicious virus.

Instead of installing pieces of scareware on the computers of unsuspecting victims, cybercriminals decided to deploy genuine looking sites that seem to sell already popular security products.


Zscaler came across a large number of websites that appear to be commercializing the well-known AVG Antivirus. While some of them ask for as much as $70 (50 EUR) for a complete package, others give it away for free, but ask for a maintenance fee.

Either way, all you end up with is an emptied bank account and a compromised credit card.

More at :-
http://news.softpedia.com/news/Fake-AVG-Download-S...

--
mogs CClip 98
Member 21st Oct, 2011 12:51
Anonymous Hackers Hit Child Porn Web Sites

The hackers say they've taken down 50 sites and leaked the names of more than 1,500 users.

Members of Anonymous claim to have taken down more than 50 child pornography Web sites and leaked the names of more than 1,500 members of one of the sites.

"The Anonymous campaign began Oct. 14, when members of the hacktivist group found a cache of child-pornography websites while browsing a secret website called the Hidden Wiki, a guidebook to hundreds of underground websites invisible to search engines and regular Internet users," writes SecurityNewsDaily's Matt Liebowitz.

"The hackers singled out Lolita City, a file-sharing site used by pedophiles, and leaked the names of the site's 1,589 active members to Pastebin on Tuesday (Oct. 18), the Examiner reported," Liebowitz writes.

Go to "Anonymous Hackers Take Down Child Porn Websites, Leak Users' Names" to read the details.

http://www.esecurityplanet.com/hackers/anonymous-h...

--
mogs CClip 99
Member 21st Oct, 2011 12:56
Detecting Malicious Traffic in HTTP Headers

New research effort could yield a never-seen-before type of detection mechanism for malicious traffic.

By Sean Michael Kerner

In the battle against malicious traffic and infected websites, security researchers are always looking for new avenues of detection. According to Trustwave Security Researcher Rodrigo Montoro, one such approach could come from an analysis of HTTP headers to detect potentially malicious traffic.

Speaking at the SecTOR security conference in Toronto, Montoro detailed his approach toward scoring HTTP headers to help identify infected websites. Montoro explained that a signature-based approach can't scale properly, which is why he set out to find a new way forward.

Every time a Web browser connects to a website over HTTP, the HTTP transaction sends information about the connection in the header of the connection. HTTP header fields include things like the user-agent, content-type and cookie information.

"HTTP is everywhere and malware is using a lot of HTTP traffic," Montoro said. "The idea is that scoring works and is a simpler way to detect malware."

According to Montoro, malicious connections tend to do certain things wrong with HTTP. They reuse shared code and they often have uncommon user-agents, or no user agents at all. Malicious sites often have partial headers that are generally smaller in size than normal browser traffic. Additionally, the use of uncommon header types could be an indicator of malware infection.

Read more at :-
http://www.esecurityplanet.com/news/looking-for-ma...

--
Was this reply relevant?
+0
-0
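The header-scoring idea summarised in the clip above, as an added Python example that is not part of the original post or article and is not Montoro's implementation: it scores request headers on the signals the article names (missing or uncommon user-agent, few or small headers, uncommon header names). The weights, thresholds, header baseline and sample requests are all assumptions constructed for illustration.

```python
"""Additive scoring of HTTP request headers (added illustration).

Weights, thresholds and the "common header" baseline are assumptions.
"""

# Header names a mainstream browser normally sends (assumed baseline).
COMMON_HEADERS = {
    "host", "user-agent", "accept", "accept-language", "accept-encoding",
    "accept-charset", "connection", "keep-alive", "cookie", "referer",
    "cache-control", "pragma", "content-type", "content-length",
    "if-modified-since", "if-none-match",
}
BROWSER_UA_PREFIXES = ("mozilla/", "opera/")  # assumed "common" user-agents

# Assumed weights and limits; tune on your own traffic before relying on them.
W_NO_UA = 4            # no User-Agent header at all
W_ODD_UA = 2           # User-Agent present but not browser-like
W_FEW_HEADERS = 2      # partial header set
W_SMALL_HEADERS = 1    # header block smaller than normal browser traffic
W_MALFORMED = 2        # header line without a "name: value" shape
MAX_UNCOMMON_POINTS = 3
MIN_HEADER_COUNT = 5
MIN_HEADER_BYTES = 150
ALERT_THRESHOLD = 6


def parse_request(raw):
    """Return (request_line, [(lowercased name, value)], malformed_count)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers, malformed = [], 0
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            malformed += 1
            continue
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, malformed


def score_request(raw):
    """Return (score, reasons) for one raw HTTP request head."""
    _, headers, malformed = parse_request(raw)
    score, reasons = 0, []

    def add(points, reason):
        nonlocal score
        score += points
        reasons.append(f"+{points} {reason}")

    ua = next((v for n, v in headers if n == "user-agent"), None)
    if not ua:
        add(W_NO_UA, "no User-Agent header")
    elif not ua.lower().startswith(BROWSER_UA_PREFIXES):
        add(W_ODD_UA, f"uncommon User-Agent: {ua!r}")

    if len(headers) < MIN_HEADER_COUNT:
        add(W_FEW_HEADERS, f"only {len(headers)} headers")

    size = sum(len(n) + len(v) + 2 for n, v in headers)
    if size < MIN_HEADER_BYTES:
        add(W_SMALL_HEADERS, f"header block is {size} bytes")

    uncommon = sorted({n for n, _ in headers} - COMMON_HEADERS)
    if uncommon:
        add(min(len(uncommon), MAX_UNCOMMON_POINTS),
            "uncommon header names: " + ", ".join(uncommon))

    if malformed:
        add(W_MALFORMED, f"{malformed} malformed header line(s)")
    return score, reasons


def classify(raw):
    """'alert' when the score reaches ALERT_THRESHOLD, otherwise 'ok'."""
    return "alert" if score_request(raw)[0] >= ALERT_THRESHOLD else "ok"


def build(lines):
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed sample requests (not captured traffic).
BROWSER_REQUEST = build([
    "GET /index.html HTTP/1.1",
    "Host: www.example.com",
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1",
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language: en-gb,en;q=0.5",
    "Accept-Encoding: gzip, deflate",
    "Connection: keep-alive",
])
SPARSE_REQUEST = build([          # no User-Agent, two headers, one uncommon
    "POST /submit HTTP/1.0",
    "Host: 203.0.113.7",
    "X-Session-Tag: 42",
])
SCRIPT_REQUEST = build([          # legitimate-looking tool with a short header set
    "GET /feed.xml HTTP/1.1",
    "Host: www.example.com",
    "User-Agent: FetchLib/1.0",
    "Accept: */*",
])

if __name__ == "__main__":
    for label, req in [("browser", BROWSER_REQUEST), ("sparse", SPARSE_REQUEST),
                       ("script", SCRIPT_REQUEST)]:
        total, why = score_request(req)
        print(label, total, classify(req), why)
```

The third sample scores below the alert threshold on purpose: ordinary scripted clients share several of these traits, so a score is a triage signal to combine with other evidence rather than a verdict.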
mogs CClip 100
Member 21st Oct, 2011 13:03


--
mogs CClip 101
Member 21st Oct, 2011 13:08


--
mogs CClip 102
Member 21st Oct, 2011 13:15


--
mogs CClip 103
Member 22nd Oct, 2011 12:06


--
mogs CClip 104
Member 22nd Oct, 2011 12:14

World's most sophisticated rootkit is being overhauled
New variants don't make obvious modifications to the MBR

By Lucian Constantin
October 21, 2011 09:50 AM
IDG News Service - Experts from security vendor ESET warn that TDL4, one of the most sophisticated pieces of malware in the world, is being rewritten and improved for increased resilience to antivirus detection.

"ESET researchers have been tracking the TDL4 botnet for a long time, and now we have noticed a new phase in its evolution," announced David Harley, the company's director of malware intelligence.

"Based on the analysis of its components we can say that some of those components have been rewritten from scratch (kernel-mode driver, user-mode payload) while some (specifically, some bootkit components) remain the same as in the previous versions," he noted.

Harley and his colleagues believe this suggests a major change within the TDL development team or the transition of its business model toward a crimeware toolkit that can be licensed to other cybercriminals.

TDL, also known as TDSS, is a family of rootkits characterized by complex and innovative detection evasion techniques. Back in July, malware analysts from Kaspersky Lab called TDL version 4 the most sophisticated threat in the world and estimated that the number of computers infected with it exceeds 4.5 million.

Read more at :-
http://www.computerworld.com/s/article/9221084/Wor...

--
mogs CClip 105
Member 22nd Oct, 2011 12:18
Which Browser is the Most Secure?

The 'most hostile' one, say researchers at Accuvant Labs.

By Sean Michael Kerner | October 21, 2011

For as long as there has been more than one browser, users have been asking which browser is more secure. Answering the question has often led to an evaluation of publicly disclosed vulnerabilities and determining how long it takes a browser vendor or organization to patch.

According to a pair of security researchers from Accuvant Labs speaking at the SecTOR security conference in Toronto this week, there needs to be a more holistic and thorough view of browsers to fully understand security risks.

"The browser is the most critical application that we all use and in some cases it's the only application we use," Shawn Moyer, managing principal research consultant with Accuvant said. "The browser decision is one of the most important you can make on your computer."

Moyer noted that the majority of modern exploits target the browser and Web applications that run within the browser. The Accuvant research is still a work in progress, though Moyer said the goal at this point is to provide some information about the approach to understanding the browser attack surface.

Read more at :-
http://www.esecurityplanet.com/browser-security/wh...

--
mogs CClip 106
Member 22nd Oct, 2011 12:24

Forget Stuxnet and Duqu -- hackers still score with old-school attacks
New malware hogs the attention, but bad passwords and basic vulnerabilities are more likely to sink enterprise systems
By Taylor Armerding | CSO


Everybody in IT knows it is a dangerous world out there, filled with an endless variety of cyber attacks aimed at compromising and taking advantage of security flaws.

But there is still a persistent lack of awareness of specific threats and how best to confront them, according to Rob Havelt, director of penetration testing for Trustwave, an international provider of information security and compliance solutions.

The irony, he says, is that it is not necessarily the newest, scariest malware or hack technique that can compromise an enterprise.

"You see people get whipped up into a frenzy about the latest technique that requires all kinds of technical skill to exploit," he says, "while ignoring stuff that has been around since forever. One of the most common things we find on an internal network is bad password policy -- egregious things like 'admin' for an administrative password, or that the system administration password is blank."

More at :-
http://www.infoworld.com/d/security/forget-stuxnet...

--
mogs CClip 107
Member 22nd Oct, 2011 12:28
Google's Gmail revamp is leaked

Google+ integration evident
By Lawrence Latif
Fri Oct 21 2011, 17:08

EMAIL SERVICE Gmail will receive a facelift according to a leaked video.
Google's popular Gmail service will receive cosmetic changes that include the ability to automatically change the layout according to window size and the ability to alter the density of items shown on the screen. There are also changes to the look and feel of Gmail threads, which now look a bit more like Google+ conversations.
Google will change the look of Gmail to match its corporate branding of flatter icons, however the layout will remain much the same. There has been a move towards ditching JavaScript where possible and embracing HTML5, with the latest changes suggesting further HTML5 integration.
For Google, Gmail is one tool that its social networking rivals, Facebook and Twitter, simply don't have. If, as the video is implying, there's greater integration with Google+ then it marks a logical move to push Google+ to the vast number of Gmail users.

More at :-
http://www.theinquirer.net/inquirer/news/2119296/g...

--
mogs CClip 108
Member 22nd Oct, 2011 15:15


--
mogs CClip 109
Member 22nd Oct, 2011 21:05
The Most Interesting Things in Google Chrome 17 Are Hidden Behind Flags
Google Chrome is always getting small updates and new features, but since these trickle in over time, especially if you're using one of the testing versions of Chrome, it's hard to notice changes.

But old-time Chrome users know that the best things are always hidden away. If you want to be on the cutting edge, it's not enough to use the dev channel version of Chrome or even the Chromium 'nightly' builds; the really interesting stuff is in the 'Flags' section.

Note that anything in there is experimental and likely to break, so if you're looking for stability, chrome://flags is not for you. That said, here are some of the cool things coming soon (possibly) to Google Chrome.

Read more here :-
http://news.softpedia.com/news/The-Most-Interestin...

--
mogs CClip 110
Member 22nd Oct, 2011 22:34
Last edited on 22nd Oct, 2011 22:35
A computer security firm warned on Friday that cybercriminals were attempting to exploit Agence France-Presse photos of slain Libyan dictator Moamer Kadhafi in an email scam.

The email contains malware designed to infect personal computers running the Windows operating system, said Graham Cluley, a senior technology consultant at British-based computer security company Sophos.
"Hackers have spammed out an attack posing as pictures of (Kadhafi's) death, tricking users into believing that they came from the AFP news agency and are being forwarded by a fellow Internet user," Cluley said in a blog post.
Cluley said the scam email purports to be from "AFP Photo News" and offers "bloody photos" of Kadhafi's death.

More at :-
http://www.physorg.com/news/2011-10-hackers-afp-ph...

--
mogs CClip 111
Member 22nd Oct, 2011 22:41
German scientists say they expect pieces of a defunct satellite hurtling toward the atmosphere to hit Earth this weekend.

Andreas Schuetz, a spokesman for the German Aerospace Center, said Friday the best estimate is still that the ROSAT scientific research satellite will impact sometime Saturday or Sunday.
The center says parts of the minivan-sized satellite will burn up during re-entry but up to 30 fragments weighing a total of 1.87 tons (1.7 metric tons) could crash into the Earth with a speed of up to 280 mph (450 kph).
The satellite orbits the Earth every 90 minutes and scientists can only say that it could hit Earth anywhere along its path, between 53-degrees north and 53-degrees south - a vast swath of territory that includes much of the planet outside the poles.

http://www.physorg.com/news/2011-10-german-satelli...

--
mogs CClip 112
Member 23rd Oct, 2011 08:10
AVG: Hacktivism is slowing down business
By Tom Espiner, ZDNet UK, 22 October, 2011 12:00

Q&A
Czech security company AVG has about 98 million customers and users worldwide, thanks in large measure to its highly popular free antivirus software.

AVG's footprint as one of the planet's largest antivirus vendors gives it a good view of the threat landscape, according to the company. Its free product drives its paid-for business software, which is aimed at small businesses.

In recent years, a salient trend in cyberattacks has been online activism, which some commentators have labelled 'hacktivism'. Attacks by hacking groups such as Anonymous and LulzSec, which are designed to draw attention to political or other causes, have garnered numerous headlines over the past year. Anonymous and LulzSec have attacked organisations ranging from Visa to the UK Serious Organised Crime Agency (Soca).

AVG chief executive JR Smith, who used to own the Telecoms Solutions Group, talked to ZDNet UK about hacktivism, government responses to cyberattacks, and mobile security issues.

Read more at :-
http://www.zdnet.co.uk/news/security/2011/10/22/av...

--
mogs CClip 113
Member 23rd Oct, 2011 08:17
Handy tips for Windows 7, XP and Vista users
Want to speed up your mouse, adjust program volume, create DVD slideshows, disable Caps Lock or free up disk space? We've listed 20 'how to' tips to help you
James Temperton PC help Windows 22/10/2011.


Read more: http://www.computeractive.co.uk/ca/pc-help/2108506...


--
mogs CClip 114
Member 23rd Oct, 2011 08:27
Windows Services ~ Includes complete explanations of each service and advice on which services you can safely disable.

Windows 8 Service Configurations ~ Updated: October 22, 2011
Windows 7 Service Pack 1 Service Configurations ~ Updated: December 16, 2010
Windows Server 2008 R2 Service Configurations ~ Updated: August 5, 2010
Windows Vista Service Pack 2 Service Configurations ~ Updated: June 24, 2010
Windows XP x64 (64-bit) Service Pack 2 Service Configurations ~ August 5, 2010
Windows XP x86 (32-bit) Service Pack 3 Service Configurations ~ Updated: June 24, 2010
Windows 2000 Service Pack 4 Service Configurations ~ Updated: February 26, 2009

See these items and more at :-
http://www.blackviper.com/

--
mogs CClip 115
Member 24th Oct, 2011 10:56

Microsoft's Official YouTube Channel Hacked

The Redmond company's official YouTube channel was overtaken by some cybercrooks that deleted all the videos and replaced them with short clips.

YouTube channel hacks seem to be the new trend among cybercriminals and after Sesame Street was compromised to serve adult movies, Microsoft's page featured a lot of short advertisements which called out to internauts asking for video responses.


Now the profile is almost fully restored to its original state, but according to Graham Cluley, during the hit there were some interesting messages posted.

More to read at :-
http://news.softpedia.com/news/Microsoft-s-Officia...

--
mogs CClip 116
Member 24th Oct, 2011 10:59


--
mogs CClip 117
Member 24th Oct, 2011 11:04
Widely used encryption standard is insecure, say experts
XML encryption, used to secure communications between Web services, can be exploited so that sensitive information is decrypted

By Lucian Constantin

IDG News Service - A weakness in XML Encryption can be exploited to decrypt sensitive information, researchers say.

XML Encryption is used for securing communications between Web services by many companies, including IBM, Microsoft and Red Hat. Researchers Juraj Somorovsky and Tibor Jager from the Ruhr University of Bochum (RUB) in Germany devised an attack that decrypts data secured with the DES (Data Encryption Standard) or the AES (Advanced Encryption Standard) in CBC (cipher block chaining) mode. They plan to present their findings in more detail at the ACM Conference on Computer and Communications Security later this year.

Read more at :-
http://www.computerworld.com/s/article/9221122/Wid...

--
mogs CClip 118
Member 24th Oct, 2011 12:06
Last edited on 24th Oct, 2011 12:06

The PlayStation 3 has, reportedly, been hacked once again, through a brand new 'jailbreak' device called JB2, which is now being tested out by people in Indonesia, of all places.


Sony has had quite a lot of problems at the beginning of the year with security on the PlayStation 3, as groups of hackers finally managed to crack its encryption and allowed owners to run any sort of code on the home console, from homebrew applications to illegal copies of actual games, effectively kicking off a wave of piracy on the PlayStation 3.

Sony cracked down on these efforts, releasing multiple firmware updates that shut off hackers from accessing crucial systems on the console, while actively engaging those responsible for opening up the console, including hackers like George 'GeoHot' Hotz, who was caught in a lengthy lawsuit against the company.

Now, it seems that Sony should get ready for another wave of piracy, as several reports, via Digital Foundry, are now saying that the security systems on the PS3 have been foiled yet again through a new jailbreak device.

Read more at :-
http://news.softpedia.com/news/PlayStation-3-Hacke...

--
mogs CClip 119
Member 24th Oct, 2011 17:24


--
mogs CClip 120
Member 24th Oct, 2011 17:35
Private Information of 9 Million Israelis Stolen and Posted Online

A contract worker of the Israeli Ministry of Labor and Welfare allegedly stole the personal information of 9 million people from the Population Registry and sold it to a private buyer.

According to The Jerusalem Post, the suspect copied ID numbers, names, addresses and other data that was then utilized to create an application called Argon 2006.


This piece of software allowed the information to be further sold based on certain parameters. Queries could be drawn up and particular individuals could remain exposed, such a tool representing gold for shady marketers, identity thieves and hackers.

The enormous quantity of data contained info on minors and even deceased people and their familial relations. The database later ended up on the Internet along with a detailed website that precisely described the proper way of using the software.

More at :-
http://news.softpedia.com/news/Private-Information...

--
mogs CClip 121
Member 24th Oct, 2011 19:19
Chrome Canary now at 17.0.917.0 !!!
Chrome Release Channels
Chrome supports a number of different release channels. We use these channels to slowly roll out updates to users, starting with our close to daily Canary channel builds, all the way up to our Stable channel releases that happen every 6 weeks roughly.
Channels

Windows

Stable channel for Windows
Beta channel for Windows
Dev channel for Windows
Canary build for Windows (Note, this will run in parallel to any other Chrome channel you have installed, it will not use the same profile)

Read more at :-
http://www.chromium.org/getting-involved/dev-chann...

--
mogs CClip 122
Member 24th Oct, 2011 22:46


--
mogs CClip 123
Member 25th Oct, 2011 08:59
Taiwan Tops List for Attack Traffic

New Akamai report points the finger at Asia-Pacific for most attack traffic.

By Sean Michael Kerner

Internet attacks can come from anywhere in the world, though according to a new report from Akamai, it's more likely that the Asia Pacific region is to blame.

Akamai's second quarter 2011 State of the Internet report identifies the top source of attack traffic as well as which server ports are being targeted. For the second quarter, Taiwan topped the list of countries for attack traffic, representing 10 percent of all global attack traffic, up from nine percent in the first quarter of 2011.

Myanmar (formerly known as Burma) held the top spot last quarter with 13 percent. In the second quarter, Myanmar fell to the number two slot, accounting for nine percent of attack traffic. In the first quarter, David Belson, author of the Akamai report, told InternetNews.com that he wasn't sure if Myanmar would remain at the top of the list for the second quarter. Myanmar did not rank in the top ten for attack traffic in 2010. The U.S. placed third at 8.3 percent, China fourth at 7.8 percent and Russia rounded out the top five list, coming in at 7.5 percent.

On a global basis, Akamai reported that 47 percent of all attack traffic observed by Akamai came from the Asia Pacific region. In contrast, 30 percent came from Europe, 20 percent from the Americas and only 3 percent from Africa.

Read more at :-
http://www.esecurityplanet.com/network-security/ta...

--
mogs CClip 124
Member 25th Oct, 2011 09:31


--
mogs CClip 125
Member 25th Oct, 2011 15:04
Last edited on 25th Oct, 2011 15:10


--
mogs CClip 126
Member 25th Oct, 2011 15:14


--
mogs CClip 127
Member 25th Oct, 2011 19:03


--
mogs CClip 128
Member 25th Oct, 2011 20:39
Mitsubishi Cyberattack Leaks Nuclear Power Plant Data

The recent Mitsubishi attack was highly analyzed by the media and by specialists, but now it turns out that the damage is far more severe than originally estimated. Information on fighter jets, submarines, nuke plants and even missile systems might have been leaked as a result of the hit.


The Asahi Shimbun informs us that recent inquiries revealed that tons of information was transmitted from the company's computers to someone from outside.

More at :-
http://news.softpedia.com/news/Mitsubishi-Cyberatt...

--
mogs CClip 129
Member 25th Oct, 2011 20:46

Spammers using public URL shortening service to evade detection
by Phil Muncaster

Spammers have built their own public URL shortening services to embed short links into unsolicited messages in the latest attempt to bypass traditional security defences, according to this month's Symantec Intelligence Report (PDF).
October's report found that the global ratio of spam in email traffic actually fell by 0.6 per cent to 74.2 per cent. However, the use of free, open source URL shortening scripts to conceal links to spam sites in emails could increase success rates, the security firm said.

Symantec first revealed that spammers were using what appeared to be their own URL shortening services back in May, although in effect these were a "poor man's version" of such services, according to Symantec senior intelligence analyst Paul Wood.
The ones uncovered in this month's report are more akin to legitimate versions of these services. At least 87 shortened URLs have been spotted so far, all with the same naming pattern and .info domain.

More at -
http://www.v3.co.uk/v3-uk/news/2119946/spammers-pu...

--
mogs CC130
Member 28th Oct, 2011 03:12
SOFTWARE FIRM Microsoft has announced that the Firefox web browser is now available with its Bing search engine.
The firm revealed in a blog post that it had been working hard with apparent rival Mozilla to add the Bing search option to the web browser that is nipping at its market share.
"You have told us to make it even easier to use Bing in Firefox," said Tor Steiner of the Bing team.
"Today we're teaming with Mozilla to release Firefox with Bing, a version of the popular Web browser that includes default search settings for Bing. Now Firefox users who are Bing enthusiasts can use Firefox with Bing to use the Web the way they want without having to take extra steps to navigate or customize their settings to Bing."
So some users might like the fact that Bing can be set as a homepage in Firefox and can be installed as the default setting in the Firefox search bar.
Bing Search for Firefox is offered as a browser add-on.


http://www.theinquirer.net/inquirer/news/2120396/m...

--
mogs CClip 131
Member 28th Oct, 2011 03:19


--
mogs CClip 132
Member 28th Oct, 2011 03:23


--
mogs CClip 133
Member 28th Oct, 2011 03:27
Flash Player 11.2 Beta
Three weeks after Adobe Flash Player 11 rolled out, the company releases the first beta for their cross-platform, browser-based application. The release is available for Windows, Mac and Linux.

Flash Player 11.2.202.18 brings to the table fully multi-threaded video decoding, which should improve overall performance as the processes (decoding and rendering) are offloaded to hardware. Among the benefits we count an increase in frame rate, jitter elimination during encoding and live streaming as well as seek frame accuracy.

The second modification available in this version is for Windows platform only, and tackles the updating mechanism, which is now able to perform its duty in the background, silently. The option is available at the end of the installation procedure.

Besides the comfort of automatic updating, this feature is also security related, as it ensures that users run the latest version of the player, making them less vulnerable to attacks.

Check out the full release notes on this page.

http://news.softpedia.com/news/Flash-Player-11-2-B...

--
mogs CClip 134
Member 28th Oct, 2011 10:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 135
Member 28th Oct, 2011 13:54
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 136
Member 28th Oct, 2011 18:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 137
Member 28th Oct, 2011 21:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Number of fake antivirus attacks has decreased considerably, researchers say
New versions of scareware are still coming out, but distribution is not as aggressive anymore

By Lucian Constantin | IDG News Service

The frequency of attacks that distribute fake antivirus software, a long-time pillar of the underground economy, has decreased considerably in recent months. However, security researchers warn that the industry is not yet dead and new versions of attacks continue to be released.

According to a new report from antivirus vendor Kaspersky Lab, the rate of fake antivirus attacks in June was somewhere between 50,000 and 60,000 per day, but their frequency has dropped to under 10,000 a day.

More at :-
http://www.infoworld.com/d/security/number-fake-an...

--
mogs CClip 138
Member 28th Oct, 2011 21:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Video of Emma Watson Nude Links to Malware

The linked malware is currently detected by only 17 percent of anti-virus solutions.

Zscaler researchers are warning of a link to a video claiming to show actress Emma Watson naked, which instead leads to malware.

"But unfortunately for all those who fell for the lure, a click on the Play button or any other link does not start the (nonexistent) video," writes Help Net Security's Zeljka Zorz. "Instead, the target is asked to update its Adobe Flash Player in order to be able to view it."

"And the offered file (scandsk.exe) - actually a Trojan dropper - is currently detected by only 17 percent of the AV solutions employed by VirusTotal," Zorz writes.

Go to "Naked Emma Watson video leads to malware" to read the details.

http://www.esecurityplanet.com/malware/video-of-em...

--
mogs CClip 139
Member 28th Oct, 2011 21:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Apple fixes security flaws in Windows version of QuickTime
by Shaun Nichols
28 Oct 2011

Apple is advising Windows users to update their systems following the release of a patch for the QuickTime media player tool.
The company said in a security advisory that QuickTime 7.7.1 addresses 12 vulnerabilities in the Windows version of the platform, but does not affect Mac OS X users.
Ten of the flaws could be targeted by way of a maliciously crafted PICT or FlashPix movie file to cause an application crash and allow remote code execution.
The update also fixes a cross-site scripting flaw which could allow an attacker to insert code into an HTML file, and a vulnerability which could allow an attacker to view a user's memory contents by way of a malformed movie file.
Apple urged Windows users to install the 7.7.1 update, which can be obtained through the Apple Software Update utility or manually downloaded from the Apple support site. The update supports Windows versions from XP to Windows 7.

http://www.v3.co.uk/v3-uk/news/2120703/apple-fixes...

--
mogs CClip 140
Member 29th Oct, 2011 11:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Hacker Demos Lethal Attack on Insulin Pumps

Barnaby Jack demonstrated how an implantable insulin pump could be hacked to release a fatal dose of insulin.

At the Hacker Halted conference in Miami, McAfee security researcher Barnaby Jack recently demonstrated an attack that could be used to deliver a lethal dose of insulin to a diabetic.

"In it, he used a modified antenna and software to wirelessly attack and take control of implantable insulin pumps from the firm Medtronic," writes Threatpost's Paul Roberts. "Jack demonstrated how such a pump could be commanded to release a fatal dose of insulin to a diabetic who relied on the pump."

"Jack points out that the Medtronic devices do not use encryption to protect wireless communications between the implanted device and the management software," Roberts writes.

Go to "Blind Attack on Wireless Insulin Pumps Could Deliver Lethal Dose" to read the details.

http://www.esecurityplanet.com/hackers/hacker-demo...

--
mogs CClip 141
Member 29th Oct, 2011 12:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 142
Member 29th Oct, 2011 12:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 143
Member 30th Oct, 2011 09:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google Chrome 17 Finally Has a Fully Working Multiple-Profile Feature
Google has been working on adding multiple profile support to Google Chrome for quite some time now. The first signs landed in Google Chrome 13, but even now, in the latest Google Chrome 15, it doesn't work perfectly on all platforms.

But it looks like Google has finally cracked it with Google Chrome 17 (technically Chromium 17 for now): multiple profiles work as they should and the integration with Google Accounts also works, so the feature is finally usable.

Google has been tweaking the look and feel of the multi-profile menu as well, not to mention replacing the default avatars several times.

But it looks like it finally has a working combination, so you can finally have two different Chrome windows with completely different user profiles.

This comes in handy in a lot of situations, from running a logged-out Google Search, to keeping a different set of extensions for different tasks, watching YouTube, writing something on Google Docs, keeping up with friends in Facebook and so on.

http://news.softpedia.com/news/Google-Chrome-16-Fi...

--
mogs CClip 144
Member 30th Oct, 2011 14:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 30th Oct, 2011 14:12
US firm confirms web censoring tools used in Syria

A US firm specializing in Internet censoring equipment on Friday confirmed that Syria was using its products to block web activity, amid a brutal crackdown on anti-regime protests.
Northern California-based Blue Coat Systems told AFP that Internet filtering equipment sold to Iraq's communications ministry has mysteriously been put to use in Syria but insisted it did not know how the equipment changed hands.
The United States bars selling any such equipment to Syria.
"The evidence points to it being in Syria," a Blue Coat official said, referring to analysis of data logs and computer address numbers from Syria's Internet posted by 'hactivists.'
"Since we didn't sell it there, we don't know the particulars," said the official, who asked not to be named due to the sensitivity of the matter.
The official said that it appears that at least 13 of the 14 Web censoring "appliances" shipped to Iraq -- which combine computer hardware and software -- are being used in Syria.

More at :-
http://www.physorg.com/news/2011-10-firm-web-censo...

--
mogs CClip 145
Member 30th Oct, 2011 14:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
China-based servers in Japan cyber attacks: report

A virus that infected computers at Japanese overseas diplomatic missions had been designed to send data to servers in China, a report said Friday.
The virus -- Backdoor Agent MOF -- has been found to have infected computers at around 10 embassies and consulates, and at least two of the servers designated as the recipients of stolen information were in China, the Yomiuri Shimbun said.
The virus is capable of transmitting user IDs and other information to terminals outside and operating software by bypassing authorised users, the daily said.
The domain of the servers was the same as that used for earlier cyber attacks on Google and tens of other companies, the Yomiuri said, quoting unnamed sources.
A "backdoor" virus opens a route into a computer's system to allow access by a remote hacker, who could use it to steal data.

More at :-
http://www.physorg.com/news/2011-10-china-based-se...

--
mogs CClip 146
Member 31st Oct, 2011 19:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
GCHQ chief reports 'disturbing' cyber-attacks on UK

The UK says cyber crime is as serious a threat as international terrorism
Cyber attacks on the UK are at "disturbing" levels, according to the director of Britain's biggest intelligence agency.

Government computers, along with defence, technology and engineering firms' designs have been targeted, Iain Lobban, the head of GCHQ, has said.

China and Russia are thought to be among the worst culprits involved in cyber attacks.

On Tuesday, the government hosts a two-day conference on the issue.

More at :-
http://www.bbc.co.uk/news/uk-15516959

--
mogs CClip 147
Member 31st Oct, 2011 19:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 148
Member 31st Oct, 2011 19:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Old image resize script leaves 1 million Web pages compromised
Timthumb can still be attacked when found in unused WordPress themes

By Lucian Constantin

IDG News Service - A serious code injection vulnerability affecting timthumb, a popular image resize script used in many WordPress themes and plugins, has been exploited in recent months to compromise more than 1 million Web pages.

Estimating the impact is not an easy task, according to website integrity monitoring vendor Sucuri Security, which monitored the fallout of this flaw since it was first announced at the beginning of August.

More at :-
http://www.computerworld.com/s/article/9221328/Old...

--
mogs CClip 149
Member 31st Oct, 2011 19:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 1st Nov, 2011 20:29
Facebook Getting Hammered With Up To 600,000 Hack Attempts a Day

Written by
Ravi Mandalia

Social media giant Facebook claimed that it usually blocks anywhere between 250,000 and 600,000 daily hack attempts, targeted to jeopardise the security of its users.

According to the company, every day the site witnesses about 1 billion or more logins, of which approximately 0.06 percent are compromised.



Read more: http://www.itproportal.com/2011/10/31/facebook-get...

This thread is now closed.........
Please see November's CYBERCLIPS at ;-

http://secunia.com/community/forum/thread/show/116...

--
