navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Daily CYBERCLIPS October

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS October
Expert Contributor 3rd Oct, 2011 19:17
Ranking: 2265
Posts: 6,268
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK

Thirteenth Edition.
Thankyou for the support thro' the last month. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security remains the main theme of the thread with some related and varied topics.
Scroll down for the latest posts !!
Please note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals..
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Expert Contributor 3rd Oct, 2011 19:33
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
MSE false positive detection forces Google to update Chrome

Faulty antivirus blocks web browser
By Lucian Constantin
Mon Oct 03 2011, 12:13
INTERNET GIANT Google has been forced to update its Chrome web browser after Microsoft Security Essentials (MSE) started wrongfully detecting it as malware.
The false positive incident happened on Friday and involved Microsoft's security product alerting users that chrome.exe is a banking trojan from the Zeus family of malware and recommending its removal.
Users who acted on the program's recommendation and removed the threat found themselves no longer able to use the web browser. Many of them flocked to Google's Chrome support forum to report the problem.
According to a statement from Microsoft's Malware Protection Center, around 3,000 users were impacted by the faulty definition and ended up with the Chrome browser blocked or removed.
Microsoft released a signature update to address the error in a matter of hours, but Google decided that it couldn't rely on MSE users to deploy it and pushed out its own fix.
It's worth pointing out that unlike other web browsers, Google's Chrome is updated by an independent service that keeps on running even when the main browser process is closed.
"The Chrome Stable channel has been updated to 14.0.835.187, and the Beta channel has been updated to 15.0.874.58. These updates should help repair Chrome installs that were broken due to the issue with Microsoft Security Essentials," Google Chrome engineer Jason Kersey announced on the company's blog.

More at :-
http://www.theinquirer.net/inquirer/news/2113892/m...

--
Was this reply relevant?
+0
-0
mogs CClip 2
Expert Contributor 3rd Oct, 2011 19:39
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Adobe Reveals Patch Making Process

Recent security updates released for their products made company representatives come forward with explanations on how the whole patching process works. As it turns out, the fix itself is easy, most of the time being spent doing tests to prevent incompatibility malfunctions.

Because they realize the implications of a newly released fix, the company wants to make sure that their software won't cause any damage to the machines it runs on.

According to The Register, the vulnerability is fixed in a fairly short time, somewhere between 20 minutes and 8 hours, so you might be wondering what happens in the remaining time until the patch is released.

As it's revealed,

the rest of the time, representing up to 6000 man hours, is spent testing the patched-up product on all the platforms it typically runs on. This process is necessary to make sure that users won't end up with constant BSODs.

Brad Arkin, Adobe's senior director of product security and privacy, revealed that “The last thing we want to do is ship a release that blue screens hundreds of millions of machines. This would be truly awful. That is something we absolutely can never afford to happen.”

Read more at :-
http://news.softpedia.com/news/Adobe-Reveals-Patch...

--
Was this reply relevant?
+0
-0
mogs CClip 3
Expert Contributor 3rd Oct, 2011 19:47
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
BT suffers huge broadband failure across much of UK

A "power failure" at a major exchange in Birmingham has seen huge numbers of BT Broadband customers across the UK cut off.

The company said those affected numbered into the hundreds of thousands - about 5% of its total customers.

Business users were particularly badly affected, with many reporting considerable lost revenue as a result.

BT said the service has now been fully restored, advising customers to "turn their hub or modem off and on again".

http://www.bbc.co.uk/news/technology-15154020

--
Was this reply relevant?
+0
-0
mogs CClip 4
Expert Contributor 3rd Oct, 2011 21:15
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Better Business Bureau offers rogue script browser peril

Oops! Scam warning service left eggfaced
By John Leyden •
Posted in Malware, 3rd October 2011 17:58 GMT

Rogue scripts on the scam advice website Better Business Bureau have sparked security concerns.

The issue was brought to our attention by Kevin, a server security consultant who said he informed BBB of the apparent problem on Saturday.

"I noticed a javascript redirect on the BBB Blogs site that seems to attempt to spawn an iframe to download (now deactivated) malware," he explained.

Kevin reckons the rogue script - captured in a screenshot posted on imageshack here - was still running on the site on Monday afternoon.

"The malware link IS live, but the malware distribution page it's linking to seems to have gotten shutdown," Kevin clarified.

More at :-
http://www.theregister.co.uk/2011/10/03/bbb_rogue_...

--
Was this reply relevant?
+0
-0
mogs CClip 5
Expert Contributor 3rd Oct, 2011 21:48
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows XP usage share falls by record amount
Projections put Windows 7 as the most-used edition by May 2012

By Gregg Keizer | Computerworld


Microsoft's Windows XP lost an unprecedented amount of online usage share last month, a Web metrics company said Saturday.

The aging operating system -- it turned 10 several weeks ago -- lost almost 2 percentage points during September to end the month with a 50.5 percent share of all desktop operating systems, according to analytics firm Net Applications. The drop was the largest one-month decline in the company's tracking of Windows XP.

Read more at :-
http://www.infoworld.com/d/microsoft-windows/windo...

--
Was this reply relevant?
+0
-0
mogs CClip 6
Expert Contributor 3rd Oct, 2011 21:53
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Facebook turns to Websense for malicious URL detection
The goal is to protect users from clicking on links that take them to phishing and malware sites

By Lucian Constantin | IDG News Service

Facebook has partnered with security vendor Websense to protect its users from third-party malicious URLs spammed on the social networking website, the companies said on Monday.

Facebook has been plagued by malware distribution campaigns, survey scams and other types of threats for years now and despite the company's best efforts the attacks continue.

The site's blocking mechanisms have improved over time, but spammers are very determined to find ways around them since social media has become one of the primary malware propagation channels.

Most attacks involve users clicking on links that point to malicious web pages outside of Facebook's control, so to counter this, the company passes requests to external resources through its own URL redirector.

More at :-
http://www.infoworld.com/d/security/facebook-turns...

--
Was this reply relevant?
+0
-0
mogs CClip 7
Expert Contributor 4th Oct, 2011 08:59
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Dev Channel Update
Monday, October 3, 2011 | 17:08
Labels: Dev updates

The Dev channel has been updated to 16.0.899.0 for Windows, Mac, Linux, and Chrome Frame.

All
Updated V8 - 3.6.4.1
FTP: fixed compatibility issue with ftp.comconlink.co.za, issue 98212
HTML5 audio uses faster method of communications between host and renderer, thus reducing lag for Javascript <audio> objects; should be most noticeable in games, issue 61022
Fixed many known stability issues.
Windows
Fixed a regression where pages couldn’t receive Esc key events, issue 97568
Mac
Tweaks to the multiuser avatar menu
Linux
Fixed compile error with Heimdal, r103369
Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 8
Expert Contributor 4th Oct, 2011 09:06
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 4th Oct, 2011 09:06
Microsoft updates Hotmail to deal with grey spam

Redmond strives to remake its web mail as (somehow) relevant
By Iain Thomson in San Francisco • Get more from this author
Posted in Spam, 4th October 2011 00:29 GMT

Microsoft is making a series of changes to its Hotmail service aimed at cutting down the amount of old mail stuck on servers, falsely labeled spam.

Redmond reckons that only about two per cent of inbox email is actually bona fide spam, with the bulk unwanted newsletter deals and alerts that were signed up for and are now either forgotten or no longer of interest – what Microsoft calls "grey mail".

More at :-
http://www.theregister.co.uk/2011/10/04/microsoft_...

--
Was this reply relevant?
+0
-0
mogs CClip 9
Expert Contributor 4th Oct, 2011 11:31
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Betfair Acknowledges Cyber Attacks

The attackers stole 2.28 million encrypted payment card account numbers and details, according to a report in The Telegraph.

October 03,
Online gambling company Betfair recently acknowledged that it was the victim of cyber attacks 18 months ago that attempted to gain access to customers' personal data.

"The company did not inform customers at the time," writes ZDNet UK's Ben Woods. "'18 months ago we were subject to an attempted data theft. Because of our security measures the data was unusable for fraudulent activity and we were able to recover the data intact,' the company said in a statement on Friday."

"However, according to a report in The Telegraph on Friday, the attackers did in fact manage to steal millions of users' sensitive details including 2.28 million encrypted payment card account numbers and details, 3.16 million account user names with encrypted security questions and 89,744 account user names with bank account details," Woods writes.

More at :-
http://www.esecurityplanet.com/hackers/betfair-ack...

--
Was this reply relevant?
+0
-0
mogs CClip 10
Expert Contributor 4th Oct, 2011 22:02
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Stable Channel Update
Tuesday, October 4, 2011 | 09:40
Labels: Stable updates

The Stable channel has been updated to 14.0.835.202 for Windows, Mac, Linux, and Chrome Frame. This release contains Adobe Flash Player 11, along with the stability and security fixes listed below.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[$1000] [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
[$1000] [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
[$2000] [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
[96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
[$4500] [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
[$1500] [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
[98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.
Full details about what changes have been made in this release are available in the SVN revision log. Interested in switching to another channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 11
Expert Contributor 4th Oct, 2011 22:08
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
A three-strike piracy law from France can easily leave 60 internauts without an internet connection for a month because they've failed to take the warnings about sharing copyrighted materials seriously.


According to Torrent Freak, in January 2010, a company named Hadopi was put in charge by the authorities to seek out all the users who share content that doesn't belong to them. In the first few months after the law was properly regulated 471,000 people were served a first warning.

Not everyone took the message seriously and soon after they received a second strike. By now, more than 650,000 ISP account holders have received a first warning which reads something like "Attention, your Internet connection has been used to commit acts that could constitute a breach of the law," also adding that piracy "is a serious threat to the economy of the cultural sector."

After the final numbers came in, it seems that by September this year there were 44,000 internauts who were one step away from losing their web connection, which means that not everyone took the advice seriously.

The report also shows that 60 people have already been blacklisted, waiting for a judge to give out the sentence which could consist in a €1500 ($2000) fine and the deprivation of an internet link for up to a month.

More at :-
http://news.softpedia.com/news/French-Internet-Use...

--
Was this reply relevant?
+0
-0
mogs CClip 12
Expert Contributor 4th Oct, 2011 22:13
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
There aren’t any details on what “initial support for Windows 8” means, but one thing is sure: Piriform has started the work to adapt their CCleaner to the new Windows environment since the previous version of the application; after all, Windows 8 is not in “Developer Preview” for nothing.

Besides adjustment to Windows 8, the newest CCleaner, version 3.11.1550, shows a set of improvements that range from cleaning Thunderbird’s cache or Safari’s history to enhancing secure deletion feature on FAT32 file system or the Drive Wiper tool in order to prevent freezing up of the user interface.

Cleaning up Windows Log Files, memory dumps or Office 2007 and 2010 suites is also included on the modifications list of the latest edition of the software.

New in this edition is support for AkelPad (http://www.softpedia.com/get/Office-tools/Text-edi...) (a free text editor).

Paid editions of CCleaner (Business and Home) have also been updated to version 3.11.1550.
http://news.softpedia.com/news/CCleaner-with-Initi...

--
Was this reply relevant?
+0
-0
mogs CClip 13
Expert Contributor 4th Oct, 2011 22:17
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Mozilla aims to add silent updating to Firefox 10
Cites 'update fatigue' caused by rapid release schedule

By Gregg Keizer
October 4, 2011 12:46 PM
Computerworld - A year after it pulled the plug on silent updates in Firefox 4, Mozilla said it will debut most of the behind-the-scenes feature by early next year.

Assuming Mozilla pulls off silent upgrading this time around, it would make Firefox only the second browser to take that route. Google's Chrome has been the poster boy for automatic updates that remove the user from the equation and can't be switched off.

Mozilla did not say it was copying Chrome -- it's denied doing so with other features -- but the chairman of the Mozilla Foundation, Mitchell Baker, acknowledged what she called "update fatigue."

"In the past we have been very careful to make sure people know something is changing with their Web browser before it changes," said Baker, who heads the non-profit organization that oversees the Firefox-making Mozilla Corp. "Today people are telling us -- loudly -- that the notifications are irritating and that a silent update process is important."

More at :-
http://www.computerworld.com/s/article/9220513/Moz...

--
Was this reply relevant?
+0
-0
mogs CClip 14
Expert Contributor 4th Oct, 2011 22:21
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
XSS web attacks could live forever, researcher warns
Cleaning up a website after a cross-site scripting attack may no longer be enough to protect its users

By Lucian Constantin
October 4, 2011 10:55 AM
IDG News Service - Websites that accidentally distribute rogue code could find it harder to undo the damage if attackers exploit widespread browser support for HTML5 local storage and an increasing tendency for heavy users of Web apps never to close their browser.

If browsers don't provide a mechanism for websites to securely recover from certain cross-site scripting attacks, the attacks could become invincible and the site at the origin of the attack remain compromised indefinitely, warned vulnerability researcher and Google security engineer Michal Zalewski in a blog posting on Saturday.

More at :-
http://www.computerworld.com/s/article/9220511/XSS...

--
Was this reply relevant?
+0
-0
mogs CClip 15
Expert Contributor 4th Oct, 2011 22:26
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Antivirus-evading bank malware surges

Sophisticated trojans help criminals
By Dean Wilson
Tue Oct 04 2011, 15:01

CYBER CRIMINALS ARE SENDING more banking trojans to computers worldwide, with a huge increase in the number of infections detected over the last two weeks, according to security firm Symantec.
Malware researchers noticed a massive increase in spam containing polymorphic malware, a type of virus that constantly changes its appearance to avoid being detected by antivirus software, Krebsonsecurity reported.
Symantec also identified a surge in this form of malware, jumping from 18.5 per cent in August to 72 per cent in September, which shows a sharp change from traditional malware to this more sophisticated form that appears to be netting criminals significantly more money than more familiar trojans and viruses.

More at :-
http://www.theinquirer.net/inquirer/news/2114335/a...

--
Was this reply relevant?
+0
-0
mogs CClip 16
Expert Contributor 5th Oct, 2011 09:25
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome Beta Channel Update
Tuesday, October 4, 2011 | 16:55
Labels: Beta updates

The Beta channel has been updated to 15.0.874.81 for Windows, Mac, Linux, ChromeFrame platforms

All
Updated V8 - 3.5.10.15
Match main window notification subscription/unsubscription in BookmarkBarController
Fixed a deadlock induced by this pref being set in response to bookmark sync events (97955)
Enable floating bookmarks bar for NTP4 for M15 beta branch (98572)

Windows
Prevent a rendering error on Windows where content behind Chrome may render in front of the Chrome window (97808)
Added heuristic for fixing the alpha channel when reading clipboard images on Windows (97160)

Mac
Fixed bug where dragging bookmark-lets containing mixed character escape sequences (89394, 86643, 82283)
Fixed bug where previously minimized windows will re-minimize (97238)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Beta channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg

--
Was this reply relevant?
+0
-0
mogs CClip 17
Expert Contributor 5th Oct, 2011 09:32
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Mozilla advises Firefox users to disable McAfee plugin
McAfee ScriptScan could cause stability or security problems and is responsible for browser crashes, according to Mozilla
By Robert McMillan | IDG News Service

It's the last thing McAfee would want users to hear about one of its products, but the Firefox browser is advising users to disable McAfee's ScriptScan software, saying that it could cause "stability or security problems."

SriptScan ships with McAfee's VirusScan antivirus program. It's designed to keep Web surfers safe by scanning for any malicious scripting code that might be running in the browser. But according to Mozilla it has an unintended side-effect: It can cause Firefox to crash... a lot.

In a note posted to its website, Mozilla said that the add-on "causes a high volume of crashes," and is "strongly encouraging" users to disable the software. The warning applies to all users of version 14.4.0 and below of the plugin, Mozilla said.

The Firefox browser started popping up warning messages Monday, advising that users disable the software

In McAfee user forums, there is a smattering of complaints about the Firefox problem.

More at :-
http://www.infoworld.com/d/applications/mozilla-ad...

--
Was this reply relevant?
+0
-0
mogs CClip 18
Expert Contributor 5th Oct, 2011 11:23
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Stolen PayPal Accounts Sold for Cents on the Black Market

Phished PayPal accounts, some of which complete with an email address and even funds, are sold on an underground Soviet Union website for just a few measly bucks to anyone who wants easy access to some money.

Brian Krebs discovered the page and even managed to alert one of the holders whose account was swiped in what was probably a phishing expedition.


“Compromised PayPal accounts are a valuable commodity in the criminal underground, and crooks frequently trade them in shadowy online forums,” Krebs revealed on his personal blog.

The location we're talking about is a website registered with the .su domain which was created for the Soviet Union in 1990 and even though it's not officially used anymore, black hats still prefer them for illegal activities.

Some of the hacked accounts commercialized on the rogue site still have a credit card attached, which means that even if the balance is currently zero, it might soon be filled with currency by the unsuspecting victim.

More at :-
http://news.softpedia.com/news/Stolen-PayPal-Accou...

--
Was this reply relevant?
+0
-0
mogs CClip 19
Expert Contributor 5th Oct, 2011 11:29
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Security by obscurity not so bad after all, argues prof

Game theory suggests secrecy has some uses
By John Leyden •
Posted in Security, 5th October 2011 08:24 GMT

Security by obscurity may not be so bad after all, according to a provocative new research paper that questions long-held security maxims.

The Kerckhoffs' Principle holds that withholding information on how a system works is no security defence. A second accepted principle is that a defender has to defend against all possible attack vectors, whereas the attacker only needs to find one overlooked flaw to be successful, the so-called fortification principle.


However a new research paper from Prof Dusko Pavlovic of Royal Holloway, University of London, applies game theory to the conflict between hackers and security defenders in suggesting system security can be improved by making it difficult for attackers to figure out how their mark works. For example, adding a layer of obfuscation to a software application can make it harder to reverse engineer.

More at :-
http://www.theregister.co.uk/2011/10/05/security_b...

--
Was this reply relevant?
+0
-0
mogs CClip 20
Expert Contributor 5th Oct, 2011 16:39
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Avira's 2012 Anti-Virus Software Version Released To get in line with all their competitors, Avira revealed the availability of their new version of anti-virus solutions, which should offer an enhanced protection to individuals and businesses, at the same time eliminating the mind boggling issues that normally come with such software.


“Our guiding philosophy in the design of our 2012 security software was ‘less is more’ – by which we give consumers, micro and small businesses more security protection with less manual configurations and decisions to make,” revealed Sorin Mustaca, product manager and data security expert at Avira.

“In addition to overhauling our code, increasing speed and reducing complexity, we’ve taken on more ownership for automating security settings and resolving software conflicts to install easily and keep our users safe from tricky malware.”

So what does the new product offer?

Read more at...and download at :-
http://news.softpedia.com/news/Avira-Releases-2012...

--
Was this reply relevant?
+0
-0
mogs CClip 21
Expert Contributor 5th Oct, 2011 16:46
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Passwords can be cracked in 12 seconds with £30 GPUs

Cheap as chips graphics cards aid hackers
By Dean Wilson

HACKERS CAN FIGURE OUT your password in less than 12 seconds thanks to high street graphics cards that cost as little as £30, business hosting firm UKFast revealed as part of Cyber Security Awareness Month.
The company performed tests using an Nvidia Geforce GT220 graphics card, which can be bought for £30 at some retailers, on a Windows 7 machine. It found that its security staff were able to crack an eight character password in four hours, a seven character password in five minutes and a six character password in just 12 seconds.
UKFast found that these cheap graphics card could process as much as 158 million possible passwords per second, putting previously complex and relatively unbreakable passwords at risk of being cracked by the sheer volume of potential combinations available over a short period of time.
For cyber criminals with more money at their fingertips, a top end graphics card costing £600 can process 10.3 billion possible password combinations per second, truly endangering password security.

Read more at :-
http://www.theinquirer.net/inquirer/news/2114746/p...

--
Was this reply relevant?
+0
-0
mogs CClip 22
Expert Contributor 5th Oct, 2011 19:52
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mozilla Thunderbird 8, First Beta Released The new version of Mozilla’s email client follows in Firefox’s footsteps and disables third party add-ons by default.

Thunderbird 8.0 beta 1 does not boast any important changes as far as the interface or layout are concerned, but it does come with some improvements and numerous of platform fixes, which are not listed in the latest changelog.

The enhancements in version 8 of Thunderbird comprise better access to attachment lists and fixing up the interface a bit.

Basically, the only major modification is strengthening user control over third party add-ons, which represented a problem in Firefox browser, too. Any add-on that is not Mozilla-developed is automatically disabled, giving the user the opt-in chance if they want to use it.

This step should have a positive impact on Thunderbird’s startup times and on the interface, as toolbars will no longer lurk around, most of the time unused.

http://news.softpedia.com/news/Mozilla-Thunderbird...

--
Was this reply relevant?
+0
-0
mogs CClip 23
Expert Contributor 6th Oct, 2011 09:13
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Update: BofA site outages called 'unprecedented'
The bank has replaced its standard online Web page with an alternate

By Lucas Mearian

Computerworld - The six days of online brownouts and slowdowns that have plagued Bank of America's website are "unprecedented," a leading Internet and mobile cloud monitoring service said today.

"I don't think we've seen as significant and as long an outage with any bank. And I've been with Keynote for 16 years now," said Shawn White, vice president of operations for web monitoring service Keynote Systems. "It's particularly shocking precisely because these banks know how critical it is for their online customers to be able to access their bank account. It's so personal and dear to them."

Bank of America (BofA) said its Web and mobile services have not been hit by hacking or denial-of-service attacks. But the nation's largest bank would not disclose what's causing its online problems.

The bank also said it has substituted its standard homepage with an alternate one to help in user navigation.

More at :-
http://www.computerworld.com/s/article/9220562/Upd...

--
Was this reply relevant?
+0
-0
mogs CClip 24
Expert Contributor 6th Oct, 2011 09:17
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
NSS Labs offers reward money for fresh exploits
The company has set aside $4,400 for rewards for working exploits for 12 vulnerabilities
By Jeremy Kirk | IDG News Service

NSS Labs is sweetening the pot for its ExploitHub marketplace by offering rewards to security gurus who can write working exploits for a dozen "high-value" vulnerabilities.

The company, which has set aside $4,400 in reward money, plans to give $100 to $500 to the first people to submit a working exploit for the vulnerabilities. Ten of the vulnerabilities concern Microsoft's Internet Explorer browser, and two were found in Adobe's Flash multimedia program.

More at :-
http://www.infoworld.com/d/security/nss-labs-offer...

--
Was this reply relevant?
+0
-0
mogs CClip 25
Expert Contributor 6th Oct, 2011 09:23
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
VMware Gets Security Updates

The updates patch a vulnerability that could allow attackers to execute arbitrary code.

Updates were recently released for VMware, patching a vulnerability that could allow attackers to execute arbitrary code.

"The vulnerability lies in the way UDF filesystems are handled within VMware's Workstation, Player, and Fusion applications, and could be exploited by an attacker to execute code should a user install software from a specially crafted malicious ISO image," The H Security reports. "The problem was discovered by an anonymous person via the SecuriTeam Secure Disclosure program, and is believed to be present on all host operating systems."

"VMware versions up to and including Workstation 7.1.4, Player 3.1.4, and Fusion 3.1.2 are affected; other products are not vulnerable," the article states.

Go to "VMware patches buffer overflow in legacy products" to read the details.

http://www.esecurityplanet.com/patches/vmware-gets...

--
Was this reply relevant?
+0
-0
mogs CClip 26
Expert Contributor 6th Oct, 2011 20:25
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
LibreOffice fixes virus-friendly Word import flaw

Free and clear
By John Leyden •
Posted in Security, 6th October 2011 15:29 GMT

LibreOffice users ought to update their software: a security hole has been discovered in the code used to import Microsoft Word documents into the open-source productivity suite. The latest version of the software contains a fix for the problem.

A memory corruption-related vulnerability in the import code creates a possible mechanism for virus writers to inject hostile code into vulnerable systems, developers at The Document Foundation warn. The bug was discovered by RedHat security researcher Huzaifa Sidhpurwala and fixed with version 3.4.3 of the package.

Read more at :-
http://www.theregister.co.uk/2011/10/06/libreoffic...

--
Was this reply relevant?
+0
-0
mogs CClip 27
Expert Contributor 6th Oct, 2011 20:30
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Firefox 8 to slurp updates silently

Mozilla concedes enterprises might matter
By Gavin Clarke •
Posted in Software, 6th October 2011 12:29 GMT

Mozilla is changing the way Firefox installs on computers in an apparent concession to enterprise users it previously ruled were irrelevant.

New versions of the open-source browser will download and install silently on your machine, saving you the bother of downloading and authorising the update.

It is hoped switching to Chromesque updates in the background will eradicate "update fatigue" creeping in following Mozilla's decision to pump out upgrades more frequently. The plan for 2011 was four updates: we've had new code delivered every six weeks.

Chair of the Mozilla Foundation Mitchell Baker blogged here: "Today people are telling us – loudly – that the notifications are irritating and that a silent update process is important. This work is underway."

Baker said Mozilla had been "very careful" in the past about making sure people knew its browser was changing and said Mozilla had "erred on the side of caution".

"One main reason people are notified of updates is due to incompatible add-ons," she said. The issue will be addressed by improving add-on compatibility.

Silent updates are expected in the next version of Firefox, version 8, which is expected in early 2012.

More at :-
http://www.theregister.co.uk/2011/10/06/firefox_si...

--
Was this reply relevant?
+0
-0
mogs CClip 28
Expert Contributor 6th Oct, 2011 20:39
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Halloween-themed black hat SEO attacks have already started

Skeleton template searches lead to malware
By Lucian Constantin
Thu Oct 06 2011, 15:44

WEB SECURITY VENDOR Websense warns about black hat internet search engine optimization (BHSEO) attacks that poison Google's search results related to Halloween.
It's a known fact that cyber criminals don't miss any chance to profit from events that grab the public's attention. Be they holidays, natural disasters or celebrity deaths, everything is fair game for these people.
It's no surprise to see search result poisoning campaigns targeting Halloween, but it is a little unusual to see such attacks nearly one month before the holiday,
"We start with the search term 'halloween skeleton templates,' which brings up a poisoned search result. The link redirects users to what appears to be a fake YouTube site," the Websense security researchers explain.

More at :-
http://www.theinquirer.net/inquirer/news/2115280/h...

--
Was this reply relevant?
+0
-0
mogs CClip 29
Expert Contributor 6th Oct, 2011 20:45
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Online UK banking fraud falls
By Tom Espiner, ZDNet
Losses from online banking fraud have fallen for the second year in a row, according to the UK Cards Association.

From January to June 2011, £16.9m was lost in online banking fraud for UK-issued cards, down from £24.9m in the same period last year, the payments industry trade body said in a statement on Wednesday (PDF). These figures compare favourably to £39m lost between January and June 2009.

Online banking fraud can happen through phishing — where hackers forge emails or spoof websites in the hope of tricking users into divulging sensitive information. Other common banking fraud involves hackers sending infected attachments or encouraging users to visit malicious websites, to load information-stealing Trojans such as Zeus and SpyEye.

More at :-
http://www.zdnet.co.uk/news/security-threats/2011/...

--
Was this reply relevant?
+0
-0
mogs CClip 30
Expert Contributor 6th Oct, 2011 22:11
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
SpyEye steals banking codes by sending them to wrong phone
The new variant of the malware circumvents mobile SMS security procedures

By Lucian Constantin | IDG News Service


Researchers from browser security vendor Trusteer have identified a new variant of the SpyEye financial Trojan that tricks online banking users into changing the phone numbers associated with their accounts.

"The Trusteer research team recently uncovered a stealth new attack carried out by the SpyEye Trojan that circumvents mobile SMS (short message service) security measures implemented by many banks," said Amit Klein, Trusteer's chief technology officer, in a blog post.

"This attack, when successful, enables the thieves to make transactions on the user's account and confirm the transactions without the user's knowledge," he warned.

Read more at :-
http://www.infoworld.com/d/security/spyeye-steals-...

--
Was this reply relevant?
+0
-0
mogs CClip 31
Expert Contributor 7th Oct, 2011 08:01
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Beta Channel Update
Thursday, October 6, 2011 | 15:52
Labels: Beta updates
The Beta channel has been updated to 15.0.874.83 for Windows, Mac, Linux, ChromeFrame platforms

All
Updated V8 - 3.5.10.16
Only deliver extension messages to contexts that care (96544, 76571)
Fix scrolling of full-frame pdf docs in accelerated compositing mode (93482)
Mac
Fixed PDF printing so headers and footers will only be added for HTML pages. (95225)
Fix speech input keyboard shortcut (97902)

More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Beta channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 32
Expert Contributor 7th Oct, 2011 08:06
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 7th Oct, 2011 08:07
Chaos feared after Unix time-zone database is nuked

Developer sued for copyright infringement
By Dan Goodin in San Francisco •
Posted in Operating Systems, 7th October 2011 03:56 GMT

The internet's authoritative source for time-zone data has been shut down after the volunteer programmer who maintained it was sued for copyright infringement by a maker of astrology software.

David Olson, custodian of the Time Zone and Daylight Saving Time Database, said on Thursday he was retiring the FTP server he's long maintained. Also known as the Olson database, it's the official reference Unix machines use to set clocks to local time and is used by countless websites and applications to reconcile time differences across the world.

Read more at :-
http://www.theregister.co.uk/2011/10/07/unix_time_...

--
Was this reply relevant?
+0
-0
mogs CClip 33
Expert Contributor 7th Oct, 2011 21:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dutch SNS Bank Impersonated in Phishing Campaign The Dutch financial institution is realistically impersonated in the latest spam campaign that's been seen in the wild, joining the club of phishing expeditions that rely on attachments to do their thing.


It's not the first time we see a legitimate website being replicated in detail, as recently, PayPal also seemed to be sending out emails that announced unsuccessful transactions.

Mxlabs shows us the message that seems to be coming from the spoofed location SNS Bank <admin@72.29.75.183.com>, announcing the unsuspecting victim that his bank account needs to be verified as soon as possible.



The attachment, called SNS_RekeningActiveren, opens a form in the user's browser that requires him to complete a number of textfields that contain all sorts of sensitive information, including PIN number.

After the Submit button is hit, the data is sent to a Canadian domain which most likely is controlled by the masterminds behind the operation.

As the content of the email and the form is entirely in Dutch, the spam campaign most likely targets people from the Netherlands, but this is a very good example of phishing attempts that are carefully designed to be taken seriously. In the images contained in the article you can very well see the almost perfect resemblance.

Cybercriminals noticed the fact that emails written in a hurry, with a lot of grammar errors and filled with incorrect information mostly fail, so they turn to these more sophisticated attempts which were developed over a longer time period.

More at :-
http://news.softpedia.com/news/Dutch-SNS-Bank-Impe...

--
Was this reply relevant?
+0
-0
mogs CClip 34
Expert Contributor 7th Oct, 2011 21:09
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
IE security hole sewn up for Patch Tuesday

It's that time of the month. Again
By John Leyden • Get more from this author
Posted in Security, 7th October 2011 13:01 GMT

Microsoft is planning eight security updates next week – two critical – as part of its regular Patch Tuesday programme.

The obvious highlight of the batch is a critical update for Internet Explorer that affects all supported versions of Microsoft's ubiquitous web browser, including IE 9. The second critical update covers flaws in Microsoft .NET Framework and Microsoft Silverlight that create a possible mechanism for miscreants to inject hostile code onto vulnerable systems.


The remaining six updates address lesser Windows vulnerabilities in Microsoft Forefront and Host Integration server. All six of these updates are rated as "important" and not all of them apply to all configurations. "IT administrators will have to evaluate to what degree they affect their networks, servers and workstation," according to Wolfgang Kandek, CTO at security services firm Qualys.

As usual, more details on the flaws will emerge once Microsoft has published its patches on Tuesday. In the meantime all we have to go on is Redmond's pre-release notice here. ®

http://www.theregister.co.uk/2011/10/07/ms_patch_t...

--
Was this reply relevant?
+0
-0
mogs CClip 35
Expert Contributor 7th Oct, 2011 21:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft to ship last service pack for Office 2007 this month
Gives customers a six-month window to test and deploy before suite leaves mainstream support next April

By Gregg Keizer

Computerworld - Microsoft yesterday announced it will ship a third and final service pack update for Office 2007 before year's end.

It appears that Microsoft will deliver Office 2007 Service Pack 3 (SP3) this month.

"The October 2011 release provides a six-month window to test and deploy the release prior to exiting mainstream support," Microsoft said in a blog post Thursday.

Office 2007, which went on general sale in January 2007 alongside Windows Vista, exits what Microsoft calls "mainstream support" in April 2012.

The suite will continue to be updated with security fixes for another five years after that, through April 11, 2017, during the "extended support" phase.

More at :-
http://www.computerworld.com/s/article/9220642/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 36
Expert Contributor 8th Oct, 2011 17:25
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft plans to fix 23 bugs on Patch Tuesday, two of them critical.

By Stuart J. Johnston

Patch Tuesday won't bring a lot of heavy lifting on October 11, but IT security administrators will still have two critical patches to apply. One affects all supported versions of Internet Explorer (IE).

In October, Microsoft is planning to release eight patches that fix a total of some 23 bugs.

According to a post on the Microsoft Security Response Center (MSRC) blog, this month's patches run the gamut from IE, .NET Framework and Silverlight, Microsoft Windows, Microsoft Forefront UAG (Unified Access Gateway), and Microsoft Host Integration Server.

At the top of the list in October are patches for IE which, for many versions of Microsoft's preeminent Web browser, are rated "critical" -- the highest-priority rating on the company's four-tier severity ranking scale.

Prior to actually releasing a patch, Microsoft does not disclose details about the bugs it fixes, so as not to give crackers any hints before a patch is available for download.

Although details of the IE patch have not been revealed yet, the notification does say that installing the patch will require a system restart.

Meanwhile, the second high-priority patch is rated critical for all versions of Windows, including Windows XP Service Pack 3 up through Windows 7. However, that patch only says it "may require" a restart after installation.

As far as the rest, those patches are mostly rated "important," Microsoft's second highest priority ranking. Most of those, too, will require a restart, however.

"For the patches in general, nearly all require a restart which will cause widespread disruptions across both Internet connected servers and user community desktops," Paul Henry, security and forensic analyst for researcher Lumension, said in an email to InternetNews.com.

http://www.esecurityplanet.com/patches/two-critica...

--
Was this reply relevant?
+0
-0
mogs CClip 37
Expert Contributor 8th Oct, 2011 17:36
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Siber Systems pushed a quick set of updates, every three or four days, since it released version 7.5.1, which caused a number of problems to the users, those using the password manager with Firefox being affected in particular.

Today they managed to offer version 7.5.4, which encompasses a batch of fixes aiming for better integration with Mozilla’s web browser, but not resuming to this alone.

Previous versions of the application showed issues with automatic filling of information in Firefox, but RoboForm 7.5.4 got them fixed. Trouble ranged from filling and submitting identities, language-related (German) problems or completing multi-line addresses.

More serious mending relates to Firefox crashing because of RoboForm; also, the floating of an additional RoboForm toolbar no longer occurs and AutoSave toolbar should no longer be visible when switching to a different tab.

You can access this page to check all fixes available in RoboForm 7.5.4.

http://news.softpedia.com/news/RoboForm-Updates-to...

--
Was this reply relevant?
+0
-0
mogs CClip 38
Expert Contributor 8th Oct, 2011 17:40
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
VLC development team just updated their versatile media player to version 1.1.12. It is not a major update, and it's not even ready for download just yet. Its purpose is to solve some security issues related to content streaming.

At this time only the source is available, so you won’t be able to install it just yet, and there won’t be any notification update just yet.

The interface remains the same since the new version tackles content steaming security issues for HTTP and RTSP (Real Time Streaming Protocol) server components. Regular users are not affected in any way by this modification.

Minor improvements have been made, though, and they better the audio input on Mac OS. Regular folk running Windows may not benefit from any modification, unless they run PulseAudio sound server.

http://news.softpedia.com/news/VLC-1-1-12-Coming-S...

--
Was this reply relevant?
+0
-0
mogs CClip 39
Expert Contributor 10th Oct, 2011 10:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Turkish Government Websites Defaced by Qatar Hacker

By performing an attack from Margent, a cybercriminal defaced a large number of websites belonging to the Ankara government, leaving them non-operational.

Websebse informs us that an attack from Margent is a highly popular method that can be easily used by even the more inexperienced hackers. By getting access to a single website, the villain can access the file system from where he can gain control of other websites hosted on the same server.


In this case, the defaced pages were all hosted on the domain behind the 67.205.74.10 IP address, giving the crook the opportunity to take over sites such as gsv.gov.tr or aydin-gm.gov.tr.

Because the locations are still down, I decided to research the attack a bit more.

The name of the hacker seems to be Q!sR QaTaR - Hacker Alajman and by other jobs he performed his motto seems to be “One Muslim Against The World.” One of the other hacks I've discovered was made on a website from Denmark that has nothing to do with politics or Muslims. In fact, the SWBSS website deals with “Salt Weathering on Buildings and Stone Sculptures.”

More at :-
http://news.softpedia.com/news/Turkish-Government-...

--
Was this reply relevant?
+0
-0
mogs CClip 40
Expert Contributor 10th Oct, 2011 10:40
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Dart, Google's Ambitious Plan to Replace JavaScript, Has Been Released Publicly

Dart, Google's programming language designed to replace JavaScript, is making its debut with the introduction of an "early preview" of the language.

Google has high hopes for Dart, but since this is the first public release of anything related to the actual code it remains to be seen whether it achieves what Google set out to do.

Perhaps more importantly, it also remains to be seen whether the community will adopt it and start using it in any meaningful numbers.

"Today we are introducing an early preview of Dart, a class-based optionally typed programming language for building web applications," Lars Bak, a software engineer on the Dart Team, announced.


Google still has some work to do on Dart, it's been working on it for quite some time too, it was initially called Dash. But it is comfortable enough with what it's got ready to release it to the public.

Dart was created to replace JavaScript as the de facto programming language of the web, in particular for web applications.

Google believed that some of JavaScript's limitations were impossible to overcome by evolving the language, so it created its own.

More at :-
http://news.softpedia.com/news/Dart-Google-s-Ambit...

--
Was this reply relevant?
+0
-0
mogs CClip 41
Expert Contributor 10th Oct, 2011 12:57
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Xbox Code Generator Promises Cypher but Delivers Malware

A new attempt of spreading malware has been seen in an old Xbox Code Generator scam that tries to dupe unsuspecting users by making it look as real as possible.

Sunbeltblog discovered an add on various video sharing websites which promises internauts an app that will generate a functional cypher.


Unlike other such scams, it doesn't directly spread malware and it doesn't ask for information, instead, this one first redirects the victim to a number of websites which all advertise the download of a piece of software.

Once the alleged code supplier is downloaded and executed, it opens what seems to be a genuine code generator which gives a series of invalid codes. To make everything look more real, at the bottom of the window a message is posted.

It reads "This version uses an outdated formula. The keys generated may not produce correct codes. Upgrade to 1.17"

If the update button is hit, you are taken to a .tk location that now seems to be legit. According to the source, the mastermind behind the operation might have changed the malicious page with a sports-related page in order to prevent the domain from being shut down, but it was too late.

Even though most of the sites related to the malicious operation were shut down, it's always good to know about these things as you never know when they might reappear under a slightly different form.

More at :-
http://news.softpedia.com/news/Xbox-Code-Generator...

--
Was this reply relevant?
+0
-0
mogs CClip 42
Expert Contributor 10th Oct, 2011 14:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Zombie browser with evil past returns from the grave

Regular and 'adult' versions promise to keep viruses from 'breeding'
By John Leyden • Get more from this author
Posted in Security, 10th October 2011 11:46 GMT

A rogue browser package has re-appeared online years after security researchers thought it was gone for good.

Yapbrowser first appeared in 2006, inciting marks to use what was touted as a full-function web browser client. In reality, the software was jammed packed with adware from notorious (now defunct) outfit Zango. Users attempting to visit any site using the browser were directed to a porn domain, as security watchers warned at the time.

More at :-
http://www.theregister.co.uk/2011/10/10/yapbrowser...

--
Was this reply relevant?
+0
-0
mogs CClip 43
Expert Contributor 10th Oct, 2011 15:41
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Office 2007 Language Pack Sales Discontinued as of July 2011

Customers looking to buy office 2007 Language Packs online will have a very hard time finding any.

This because Microsoft has discontinued the sales of Office 2007 language packs through the retail channel as of mid-2011.


A Microsoft representative working on the Office Language Interface Pack (LIP) team confirmed that Office 2007 customers can no longer get Language Packs:

“Apologies for the bad news but I have just been reliably informed that Office 2007 language packs are no longer available to buy online unfortunately. Microsoft no longer offers Office 2007 Language packs for retail purchase as of July 2011.”

In order to continue using Language Packs with their productivity suite, users will need to make the jump to Office 2010, the software giant revealed.

Read more at :-
http://news.softpedia.com/news/Office-2007-Languag...

--
Was this reply relevant?
+0
-0
mogs CClip 44
Expert Contributor 11th Oct, 2011 07:49
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome Dev Channel Update
Monday, October 10, 2011 | 16:38
Labels: Dev updates

The Dev channel has been updated to 16.0.904.0 for Windows, Mac, Linux, and Chrome Frame.

Windows
[r104051] Eliminate window frame rendering errors on activate / deactivate.
Mac
More polish to the avatar menu bubble
[r103959] Restored the old bookmark menus (Issue 93674)
Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
17 comments | Links to this post | Email Post

Stable Channel Update for Chromebooks
| 13:43
Labels: Chrome OS, Stable updates
The Stable channel has been updated to 14.0.835.204 (Platform version: 811.154) for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).

Highlights:
Stability fixes.
PDF rendering fix (issue 18521).
If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon. Interested in switching to the Dev channel? Find out how.

Orit Mazor
Google Chrome
2 comments | Links to this post | Email Post

Beta Channel Update for Chromebooks
| 11:11
Labels: Beta updates, Chrome OS
The Beta Channel has been updated to 15.0.874.83 (Platform version: 1011.62) for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48)

Release highlights:
A number of functionality and stability fixes
Flash updated to 11.0.31.109
Web UI login performance fixes
PDF scrolling fix
Known issues:
3G activate successfully but with connection error (Issue: 18875 )
WebUI: Device offline message on X-86 machines even though network connected (Issue: 20014)
Gobi 3K activation fails and displays error page on Chrome OS (Issue: 20204)
Gobi 2K shows error for the first time activation before zip code page (Issue: 20525)

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Josafat Garcia
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CCLIP 45
Expert Contributor 11th Oct, 2011 21:56
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft flags Firefox and Chrome for security failings

Guess what it says about IE 9
By Dan Goodin in San Francisco • Get more from this author
Posted in Malware, 11th October 2011 18:02 GMT

Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats.

Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points respectively out of a possible score of 4. Visit the site using the IE 9, however, and the browser gets a perfect score. IE 7 gets only 1 point, and IE 6 receives no points at all. The site refused to rate Apple's Safari browser in tests run by The Register.

The page is designed to educate users about the importance of choosing an up-to-date browser that offers industry-standard features. The ability to automatically warn users when they're about to download a malicious file, to contain web content in a security sandbox that has no access to sensitive parts of the computer's operating system, and to automatically install updates are just three of the criteria.

http://www.theregister.co.uk/2011/10/11/microsoft_...

--
Was this reply relevant?
+0
-0
mogs CCl;ip 46
Expert Contributor 11th Oct, 2011 22:16
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
· By Eduard Kovacs
VeriSign Wants Full Control Over All .Com Domains in the World

VeriSign, which is now a subsidiary of Symantec, recently filled a motion to ICANN, demanding the power to terminate the activity of any .com domain in the world if it's considered to be illegal or abusive, in the effort of aiding law enforcement officials.


According to The Register, the biggest issue rises from the fact that certain web locations that might be considered legal in the US or Europe can be just the same considered illegal in some Asian countries and in this case it would be hard to act in accordance with both parties.

The company has worked on many occasions with law enforcement agencies in the US, helping them shut down sites that were advertising illegally obtained merchandise and they claim that police agencies around the world ask for their aid in similar operations.

"Various law enforcement personnel, around the globe, have asked us to mitigate domain name abuse, and have validated our approach to rapid suspension of malicious domain names," VeriSign told the Internet Corporation for Assigned Names and Numbers (ICANN).

If they'll receive the powers they demand, they will no longer require a court order to take down a certain address, a request from legal authorities being enough.

More at :-
http://news.softpedia.com/news/VeriSign-Wants-Full...

--
Was this reply relevant?
+0
-0
mogs CClip 47
Expert Contributor 11th Oct, 2011 22:24
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Many websites 'leaking' personal info to other firms
Websites are sharing usernames and other personal information with advertising partners, a Stanford study says

By Grant Gross
October 11, 2011 02:34 PM
IDG News Service - Many top websites share their visitors' names, usernames or other personal information with their partners without telling users and, in some cases, without knowing they're doing it, according to a new study from Stanford University.

Many websites "leak" usernames to third-party advertising networks by including usernames in URLs that the ad networks can see in referrer headers, said the study, released Tuesday by Stanford Law School's Center for Internet and Society. While there's a debate in legal circles whether usernames are personal information, there's a growing consensus among computer scientists that Web-based companies can use usernames to identify their owners, said Jonathan Mayer, a Stanford graduate student who led the study.

Read more at :-
http://www.computerworld.com/s/article/9220731/Man...

--
Was this reply relevant?
+0
-0
mogs CClip 48
Expert Contributor 12th Oct, 2011 07:39
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

PC infected? Blame yourself, Microsoft report concludes
Patchable vulnerabilities -- particularly Java-based holes -- account for the vast majority of malware infections

By Julie Bort | Network World

Zero-day exploits are nerve-racking for IT professionals but are far less dangerous than unpatched older vulnerabilities for which fixes are available, Microsoft says.

A zero-day is a vulnerability for which a patch is not yet available. These accounted for less than 1 percent of all detected infections in the first half of 2011, according to Microsoft's latest security research report. Instead, Microsoft finds that Java remains the worst cause of infections -- and old Java at that, with patches long since available.


"Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters," says the Microsoft Security Intelligence Report Volume 11, released Tuesday. [Full report PDF]. Java attacks include infections from holes in the Java Runtime Environment, Java Virtual Machine, and Java SE in the Java Development Kit.

Like previous versions of this report, Microsoft finds that nearly all infections could have been stopped if the user had been using the latest version of software or had not clicked on a malware-laced link. Note that the report is limited to instances of attacks that Microsoft can detect through its Malicious Software Removal Tool and its other anti-malware products. Zero-day attacks that it cannot detect would not be calculated in its findings. Using these, the company analyzed security incidents from more than 600 million systems in more than 100 countries for the first half of 2011, many of them Windows PCs owned by consumers or small businesses without dedicated IT staff.

Read more at :-
http://www.infoworld.com/d/security/pc-infected-bl...

--
Was this reply relevant?
+0
-0
mogs CClip 49
Expert Contributor 12th Oct, 2011 07:45
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

YesAsia Does Not Spam Customers with Fake Bills

A well-known online retailer's name is used in the latest spam campaign that's been spotted in the inboxes of potential victims, pretending to ask confirmation for an order that was never actually made.

According to Graham Cluley, the example he saw claimed that the victim purchased an external hard drive and a webcam which cost a total of almost $500 (350 EUR), a fact which could scare anyone.


The unsuspecting internauts could rush to click on the link provided in the email to see how this could be possible, but instead of receiving explanations, they end up with a zip file that contains malicious elements which take over the device.

As we see in this case, the cybercriminals registered a domain called yesasia-invoices.com just for the occasion, to make the whole thing look more legit.

Another thing that makes the scam look more real is that the messages seem to be coming from an automated service. This combined with the cleverly crafted domain could easily fool anyone.

More at :-
http://news.softpedia.com/news/YesAsia-Does-Not-Sp...

--
Was this reply relevant?
+0
-0
mogs CClip 50
Expert Contributor 12th Oct, 2011 20:45
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

The SSL certificate industry can and should be replaced
By Ellen Messmer
October 12, 2011 10:38 AM
Network World - The SSL certificate authorities like Comodo that have had their security undermined by hackers shouldn't be trusted, and in fact, the way the entire SSL certificate industry of today works can and should be replaced with something better, says Moxie Marlinspike, a security expert who's come up with a plan he says will do that.

Marlinspike's plan, unveiled last August at the Black Hat Conference, is called "Convergence," and it's gaining some momentum, particularly after the shocking hacker attacks on DigiNotar, GlobalSign, Comodo and other SSL certificate authorities of late that resulted in fake certificates coming into use on the web, including a fake Google certificate, since revoked.

Read more at :-
http://www.computerworld.com/s/article/9220763/The...

--
Was this reply relevant?
+0
-0
mogs CClip 51
Expert Contributor 12th Oct, 2011 20:49
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

93,000 accounts broken into
By John Leyden • Get more from this author
Posted in Security, 12th October 2011 10:37 GMT

Sony has warned users against a massive bruteforce attack against PlayStation and Sony network accounts.

The attack – which used password and user ID combinations from an unidentified third-party source – succeeded in compromising 60,000 PlayStation Network and 33,000 Sony Online Entertainment network accounts. These accounts have been locked and passwords reset.


Credit card information is not stored on the dashboard of Sony accounts but it might have been possible that unauthorised charges were made against the wallets held on compromised accounts. Sony has promised to refund any such losses, as explained in a statement by Philip Reitinger, senior vice president and chief information security officer at Sony Group, on the PlayStation blog here.

Both the motive for the latest attack against Sony network users and the identity of the perpetrator(s) remains unclear.

Sony shut down its PlayStation Network in April in the aftermath of a far more damaging hack attack. The service wasn't restored until a month later. Personal information on 77 million account-holders was exposed as a result of the April PlayStation hack. Details including names, addresses, passwords and purchase histories was exposed by the megahack.

Sony was widely criticised for its handling of the incident, one of the biggest data breach incident (by volume of records) in history. ®

http://www.theregister.co.uk/2011/10/12/playstatio...

--
Was this reply relevant?
+0
-0
mogs CClip 52
Expert Contributor 12th Oct, 2011 20:53
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Skype-snooping Bundestrojaner legal, insists gov
By John Leyden •
Posted in Malware, 12th October 2011 15:19 GMT

Five German states have admitted using a controversial backdoor Trojan to spy on criminal suspects.

Samples of the so-called R2D2 (AKA "0zapftis") Trojan came into the possession of the Chaos Computer Club (CCC), which published an analysis of the code last weekend.


German federal law allows the use of malware to eavesdrop on Skype conversations. But the CCC analysis suggests that the specific Trojan it wrote about is capable of a far wider range of functions than this – including establishing a backdoor on compromised machines and keystroke logging. The backdoor creates a means for third parties to hijack compromised machines, while the lack of encryption creates a mechanism for miscreants to plant false evidence. The CCC slams the code as being both "amateurishly written" and illegal.

More at :-
http://www.theregister.co.uk/2011/10/12/bundestroj...

--
Was this reply relevant?
+0
-0
mogs CClip 53
Expert Contributor 13th Oct, 2011 08:41
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Beta Channel Update
Wednesday, October 12, 2011 | 15:20
Labels: Beta updates
The Beta channel has been updated to 15.0.874.92 for Windows, Mac, Linux, and ChromeFrame platforms

All
Updated V8 - 3.5.10.17
Fixed crash during Print Preview (96063)
Fixed excessive margins in printing (92000)
Fixed large downloads don't show progress (94468)
Fixed Netflix/Silverlight error (97319)
Disabled acceleration for background pages (96006)
Restored the old bookmark menus (93674)
Added support for an optional "requirements" section in extension/app manifests (99241)
Windows
Fixed window rendering issue on focus(90386)
More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Beta channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 54
Expert Contributor 13th Oct, 2011 08:45
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Peer-to-peer update makes ZeuS botnets harder to take down

Not your father's zombie network
By Dan Goodin in San Francisco • Get more from this author
Posted in Malware, 13th October 2011 06:01 GMT

A new strain of the ZeuS crimeware toolkit comes with a peer-to-peer design that lets infected machines bypass centralized servers when receiving updates and marching orders from operators, a researcher said.

The update to a custom-built ZeuS variant known as Murofet could make it harder for white-hat hackers and law-enforcement agents to disrupt botnets by eliminating centralized command and control servers they infiltrate or shut down, said the the researcher with Zeus Tracker, which monitors botnet communications. The researcher, who asked that his name not be included in this article, recently counted machines from more than 100,000 unique IP addresses infected by the custom build.

More at :-
http://www.theregister.co.uk/2011/10/13/zeus_botne...

--
Was this reply relevant?
+0
-0
mogs CClip 55
Expert Contributor 13th Oct, 2011 08:52
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 13th Oct, 2011 08:55
VLC Media Player Gets Security Update

Version 1.1.12 patches a vulnerability that could be exploited by an attacker to crash the server process.

VideoLAN recently announced the release of version 1.1.12 of its VLC Media Player.

"The maintenance and security update addresses a NULL dereference vulnerability in the HTTP and RTSP server component used by VLC which could be exploited by an attacker to crash the server process," The H Security reports.

"For an attack to be successful, a victim must have started VLC server and manually started the HTTP web interface, HTTP output, RTSP output or RTSP VoD functions," the article states.

Go to "VLC Media Player 1.1.12 closes security hole" to read the details.

http://www.esecurityplanet.com/patches/vlc-media-p...

--
Was this reply relevant?
+0
-0
mogs CClip 56
Expert Contributor 13th Oct, 2011 08:56
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
iTunes for Windows Updated to Patch Security Flaws

The update patches a total of 79 vulnerabilities.


Apple has released iTunes 10.5 for Windows, patching several security flaws.

"The security patch, available for Windows 7, Windows Vista and Windows XP SP2, fixes a total of 79 documented vulnerabilities," writes ZDNet's Ryan Naraine. "The most serious of these flaws could allow remote code execution attacks via booby-trapped image or movie files."

"Details on the vulnerabilities can be found in this Apple security advisory," Naraine writes.

Go to "Apple slaps another security band-aid on iTunes" to read the details.

http://www.esecurityplanet.com/patches/itunes-for-...

--
Was this reply relevant?
+0
-0
mogs CClip 57
Expert Contributor 13th Oct, 2011 11:34
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
EU bans pre-ticked website boxes to aid consumers

Consumers will be exempt from costs of which they were not 'properly informed' before purchase

"Pre-ticked" boxes on shopping websites will be banned in European Union states under newly approved legislation.

EU ministers meeting in Luxembourg have passed a set of rules aimed at strengthening consumer rights, which the EU parliament backed in June.

They mean online traders will have to disclose the total cost of a product - including fees - and customers will have to actively opt-in to extras.

Member countries will have two years to implement the rules nationally.

'Cooling off' period
Announcing the legislation had been passed, the European Commission cited the example of buying airline tickets online, when customers may have needed to actively decline optional extras such as travel insurance.

"With the new directive, pre-ticked boxes will be banned across the European Union," it said in a statement.

Read more at :-
http://www.bbc.co.uk/news/world-europe-15260748

--
Was this reply relevant?
+0
-0
mogs CClip 58
Expert Contributor 13th Oct, 2011 12:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
300,000 Websites Fall Victim to ASP Mass Infection

Google reveals another mass infection which affected hundreds of thousands of sites that relied on ASP or ASP.NET web application frameworks.

Armorize informed us of the incident, but since the announcement was made, the number of infected websites has doubled, reaching more that 300,000.


A malicious script that points to "jjghui(dot)com/urchin(dot)js" got injected into the victim locations which the researchers reveal to be targeting English, German, French and other language speakers.

Unfortunately, internauts with outdated browser components get instantly infected when they visit one of the compromised locations, without even realizing what hit them and even though the drive-by download attack seems to be targeting only the websites based on the above mentioned framework, there are plenty of victims to choose from.

More at :-
http://news.softpedia.com/news/300-000-Websites-Fa...

--
Was this reply relevant?
+0
-0
mogs CClip 59
Expert Contributor 13th Oct, 2011 12:52
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Download Safari 5.1.1 for Mac and Windows

Apple has launched Safari 5.1.1, which includes support for iCloud (the company’s new set of free cloud services), as well as several new fixes and improvements, including security patches.

For Safari users in particular, iCloud support means that they can now store their bookmarks and Safari Reading List and have it automatically pushed to all their devices that have the browser.


According to Apple, “Safari 5.1.1 also contains various bug fixes and improvements to stability, compatibility, and security, including fixes.”

Read more at :-
http://news.softpedia.com/news/Download-Safari-5-1...

--
Was this reply relevant?
+0
-0
mogs CClip 60
Expert Contributor 13th Oct, 2011 14:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Facing closure, OpenOffice.org begs for survival
As the latest team behind the free productivity suite cries, 'OpenOffice.org can't be allowed to die!'

By Katherine Noyes | PC World

The OpenOffice.org office productivity suite has had something of a wild ride ever since it fell into Oracle's hands with the acquisition of Sun early last year, and now it looks like that ride may be coming to an end.

Oracle divested itself of OpenOffice.org in June -- donating it instead to the Apache Software Foundation Incubator -- and now the project is in trouble. Today, the Germany-based team now keeping it up plans to launch a major fundraising campaign with the simple goal of keeping the software alive.

"The brains behind OpenOffice.org want the open source software to continue as an association and to finance the continued development of the associated programs and user support through donations," reads the group's announcement, adding that the end of OpenOffice.org would be disastrous.

Read more at :-
http://www.infoworld.com/d/open-source-software/fa...

--
Was this reply relevant?
+0
-0
mogs CClip 61
Expert Contributor 13th Oct, 2011 17:36
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Social net sites do wonders for crooks, spooks and bosses

'Computers are making people easier to use everyday'
By John Leyden • Get more from this author
Posted in ID, 13th October 2011 12:44 GMT

RSA Europe Social networks make obtaining sensitive background information on people as a prelude to stealing their identities – and running attacks on corporations – easier than ever before.

Ira Winkler, president of ISAG (Internet Security Advisors Group), an ex-NSA officer and cybercrime guru, has called for increased security awareness training. "People don't realise what they are putting out there," he said. "Computers are making people easier to use everyday."

Bottom line............
"You can have no expectation of privacy for anything you put on the internet," Winkler. "The test has to be: do you want your worst possible enemy to see the information you are putting online?" ®

Read more at :-
http://www.theregister.co.uk/2011/10/13/social_net...

--
Was this reply relevant?
+0
-0
mogs CClip 62
Expert Contributor 13th Oct, 2011 17:50
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mac OS X security update causes crashes, say experts
Apple's massive security update addresses more than 70 vulnerabilities, but installing the patches could render computers unbootable
By Lucian Constantin | IDG News Service

Apple has released a massive security update for Mac OS X along with a new version of its OS, however, according to several reports, installing the patches could render computers unbootable.

The Mac OS X Security Update 2011-006 addresses more than 70 vulnerabilities in core components, as well as third-party products bundled by default with the OS.

http://www.infoworld.com/d/security/mac-os-x-secur...

--
Was this reply relevant?
+0
-0
mogs CClip 63
Expert Contributor 14th Oct, 2011 23:47
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Free Windows 7 Trial End of Availability Date Approaching, Extension Needed

Microsoft has been providing free copies of Windows 7 to customers wishing to test the operating system before purchasing a license, and an extension of existing availability plan is needed if downloads are to be kept live in 2012.

Windows 7 Enterprise 90-day Trial has been available as a free download through a special webpage set up on TechNet since the platform hit general availability, for approximately two years now.


The trial is a fully functional copy of Windows 7 Enterprise, the SKU equivalent of the Enterprise edition, which users can try for 90 days.

The ISO that the software giant provides is time-bombed, and will expire after 90 days since the first installation, at which point customers need to either buy a license or uninstall the operating system. The Slmgr reactivation method doesn’t work on the Enterprise edition.

Read more at :-
http://news.softpedia.com/news/Free-Windows-7-Tria...

--
Was this reply relevant?
+0
-0
mogs CClip 64
Expert Contributor 14th Oct, 2011 23:52
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mass ASP.NET attack causes websites to turn on visitors

614,000 pages so far in ongoing epidemic
By Dan Goodin in San Francisco •
Posted in Malware, 14th October 2011 19:24 GMT

An infection that causes poorly configured websites to silently bombard visitors with malware attacks has hit almost 614,000 webpages, Google searches show.

The mass infection, which redirects users to a site exploiting old versions of Oracle's Java, Adobe's Flash player and various browsers, was first disclosed by researchers from Armorize on Wednesday. At the time, it appeared to affect about 180,000 pages. By time of writing on Friday, the initial attack and a follow-on exploit has spread to 613,890 combined pages. The SQL injection attack mostly exploits websites running Microsoft's ASP.Net web application framework.

The infection injects code into websites operated by restaurants, hospitals, and other small businesses and plants an invisible link in visitors' browsers to sites including jjghui.com and nbnjkl.com. Those sites in turn redirected to several other websites that include highly obfuscated code. At the end of the line is a cocktail of attacks that exploit known vulnerabilities in Java and the other targeted programs. Computers running unpatched versions are then commandeered. Servers in the attack used IP addresses based in the US and Russia.

More at :-
http://www.theregister.co.uk/2011/10/14/mass_websi...

--
Was this reply relevant?
+0
-0
mogs CClip 65
Expert Contributor 14th Oct, 2011 23:58
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Bing, Yahoo sponsored results lead to hard-to-remove rootkit
Searching for Flash Player can lead to rogue pages

By Lucian Constantin
October 14, 2011 10:37 AM ETAdd a comment
IDG News Service - Searching for Flash Player on Bing and Yahoo can lead to rogue pages distributing a hard-to-remove rootkit, according to security researchers from antivirus vendor GFI Software.

The problem resides with the so-called sponsored results, the advertisements displayed at the top of search results for particular keywords. These look slightly different from the organic results normally returned by Bing's algorithm, but close enough for users to frequently click on them.

In the new attack observed by GFI Software, a sponsored result shown when searching for "Adobe Flash" linked to a page called "Download Flash Player" under the GetAdobeFlash.com domain.

However, according to Alex Eckelberry, vice president and general manager of the security software division at GFI, clicking on the link redirected users to a rogue page that was advertising Flash Player 10 but distributed a dangerous rootkit instead.

"In this case, we're talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the 'net right now," said Eckelberry. "Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting)," he added.

Read more at :-
http://www.computerworld.com/s/article/9220859/Bin...

--
Was this reply relevant?
+0
-0
mogs CClip 66
Expert Contributor 15th Oct, 2011 10:24
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK


RoboForm 7.5.6 is out and, just like it happened with previous releases, users are not content with this one either. A hefty batch of fixes regarding Firefox integration predominates, but Chrome is also targeted.

On Opera there is only one fix, but it finally renders RoboForm usable with the web browser since it makes Fill&Submit work.

McAfee SiteAdvisor crashes RoboForm, but there is no fix for this just now, with the developer advising users to “try to get around it.”

RoboForm seems to be suffering from a very bad case of “whammy” starting version 7.5.x. However, users not dealing with issues are affected by the update process, which is intrusive because it requires reinstallation of the application.

The rapid release model in web browser development already seems to have been adopted by the company, considering the frequency of the new updates rolled out lately (since the beginning of the month). Silent updates would be a fair next move.

Check out the full changelog for this version.

More at :-
http://news.softpedia.com/news/New-RoboForm-7-5-6-...

--
Was this reply relevant?
+0
-0
mogs CClip 67
Expert Contributor 15th Oct, 2011 10:58
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hacker Attacks XBOX Live Accounts to Purchase FIFA Content

A strange situation seems to be developing where XBOX Live accounts are hacked, but the credit cards attached to them are mainly used to purchase FIFA Ultimate Team content packages.

After Play Station, now it's time for XBOX enthusiasts to become the victims of hackers.


According to Eurogamer, a number of game console owners realized that their accounts were tampered with and points from their credit cards disappeared.

"I then find out that I've had 5000 then 500 MS points bought on my credit card. Better yet, all the points including the 120 I had already on my account are gone... all spent on FIFA 12 content packs yesterday afternoon while I was at work,” revealed one of the first victims.

Soon after the incident, a Microsoft representative told Eurogamer that they are aware of the situation which is currently being handled.

More at :-
http://news.softpedia.com/news/Hacker-Attacks-XBOX...

--
Was this reply relevant?
+0
-0
mogs CClip 68
Expert Contributor 15th Oct, 2011 11:11
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
They' Really Are Watching You

Your friends may say you're paranoid but this time you might be right.

By Paul Rubens |

Advertising networks, Web analytics companies and just about anyone else who's interested can track your online activity thanks to the unique digital fingerprints your Web browser leaves at every site you visit.

The simplest way that an advertising network can track you is by putting a "third party" browser cookie on your computer when you visit a site to which it supplies advertisements. When you visit another site that uses the same advertising network you can be identified by that cookie. As time goes on, it will build up a picture of your browsing habits

But your browser's cookie storage is not the only place that websites can place information to track you. Researcher Ashkan Soltani recently revealed how San Francisco, CA- based analytics firm KISSmetrics uses "supercookies" -- cookies that recreate themselves (or respawn) -- after they are deleted. This is done using information the company stores in a variety of places such as the storage area on your hard drive used by Adobe Flash (effectively creating a Flash cookie,) a local storage area used by HTML5 (creating a an HTML5 cookie,) and in ETags in your browser cache -- pieces of data that a browser stores to help it work out if the contents of its cache are up to date. They were never designed to store cookie data.

KISSmetrics' system can track your Web usage even if you are using your browser in private mode, have set your browser not to accept cookies, delete your browser's cookies (because they respawn) and even if you use multiple browsers.

If you think things couldn't get any worse, think again. Researcher Samy Kamkar illustrates the point with Evercookie, a Javascript API that produces "extremely persistent cookies in a browser" that would enable a tracking company to identify your browser by replicating standard cookie information in no fewer than 13 different places including

Read more at :-
http://www.esecurityplanet.com/browser-security/th...

--
Was this reply relevant?
+0
-0
mogs CClip 69
Expert Contributor 15th Oct, 2011 21:56
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
New Microsoft Security Essentials 2.1 Antimalware Engine Planned for Next Week

Microsoft is planning to refresh the antimalware technology that powers a number of its products, including the free security solution offered to Windows users with genuine copies of the operating system.

The upcoming update to Microsoft Security Essentials 2.1’s antimalware engine will come at approximately a month since the previous refresh.


The software giant has made a tradition out of refreshing MSE as well as a few others AV solutions on a monthly basis, generally after each Patch Tuesday.

The latest update to Microsoft Security Essentials 2.1 is expected in the first half of the next week, according to the Redmond company.

Read more at :-
http://news.softpedia.com/news/New-Microsoft-Secur...

--
Was this reply relevant?
+0
-0
mogs CClip 70
Expert Contributor 15th Oct, 2011 22:01
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mozilla Highlights the Steps It Takes to Keep Firefox Add-ons Safe from Malicious Sites

Browser extensions and add-ons are great for extending functionality and customizing the experience to enable users to get the most out of their browsers. Firefox solidified and popularized the concept, leading to all browsers offering some way of extending functionality.

But the flip side of this is that it opens up core parts of the browser and even the system to third-party developers and that it also creates potential vulnerable points in a browser since many add-ons take fewer security precautions than the browsers themselves and add-on developers may be less experienced with these issues as well.


The solution to this is to design the add-on platform in such a way as to remove or limit the danger of exposing powerful functionality to web pages via add-ons.

Mozilla is showcasing some of the things it's done with the Add-on SDK, formerly known as Jetpack, its web technology-based add-on platform to ensure that add-ons aren't a weak point.

The most important thing it's done is to isolate the different layers of functionality and content. The idea is to make it as hard as possible for web content, which is by definition untrusted and could be malicious, to access the browser or the user's system underneath.

Read more at :-
http://news.softpedia.com/news/Mozilla-Highlights-...

--
Was this reply relevant?
+0
-0
mogs CClip 71
Expert Contributor 16th Oct, 2011 09:25
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
StaySafeOnline.org Infected with Malware

The security awareness Web site pushed malware to visitors from October 5 to 11.

The National Cyber Security Alliance says the security awareness Web site StaySafeOnline.org hosted a malicious iFrame that pushed malware to visitors from October 5 to 11.

"Security professionals including those from the US based Multi State Information Sharing and Analysis Centre (MS-ISAC) alerted the alliance to the problem," SC Magazine reports.

"Staysafeonline.org was taken offline until the infection was removed," the article states

Go to "Stay Safe Online.org pushes malware" to read the details.

http://www.esecurityplanet.com/malware/staysafeonl...

--
Was this reply relevant?
+0
-0
mogs CClip 72
Expert Contributor 16th Oct, 2011 09:58
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
EU plan to spend billions on boosting broadband speeds
By David Meyer
Berlin

The European Commission hopes fast broadband will boost the economy just as high speed rail does.
The European Commission is set to propose investing almost €9.2bn (£8bn) in a massive rollout of super-fast broadband infrastructure and services across the European Union.

The plan is partly aimed at stimulating further investment in rural broadband.

It is hoped the initiative will also help to create a single market for digital public services.

The Commission has already set targets for improving the speed of home internet connections across the region.

It aims to get all European households on at least 30 megabits per second (Mbps) by 2020, with half the population enjoying more than 100Mbps, so as to make the continent more competitive and productive.

Read more at :-
http://www.bbc.co.uk/news/technology-15320628


--
Was this reply relevant?
+0
-0
mogs CClip 73
Expert Contributor 17th Oct, 2011 19:07
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Security suffers when firms sue researchers who report flaws
A researcher gets visited by police and threatened by lawyers after finding a flaw in the website of a pension fund. Time for a better way
By Robert Lemos | InfoWorldFollow @infoworld


The disclosure of vulnerabilities has always caused friction between the researchers who find flaws and the software firms who have to deal with fixing defects in their products.

Nowhere is this friction higher than when a researcher finds a flaw in a production website. Last week, for example, Australian security consultant Patrick Webster reportedly found a flaw in the website of pension fund First State Superannuation. Initially the company worked with Webster, but soon the security researcher received a visit from the police and threats from the company's lawyers, according to security site Risky.biz.

Read more at :-
http://www.infoworld.com/t/web-security/security-s...

--
Was this reply relevant?
+0
-0
mogs CClip 74
Expert Contributor 17th Oct, 2011 19:17
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Apache announces Openoffice is now an official project

Tries to steady the ship
By Lawrence Latif

THE APACHE SOFTWARE FOUNDATION (ASF) has announced that Openoffice is now an Apache Project.
The ASF said that Openoffice, which will be known as Apache Openoffice.org (incubating), will be developed under the organisation's "meritocratic process informally dubbed The Apache Way". The statement comes after a week in which there were fears that the Openoffice.org project would hit the buffers.
Early last week Openoffice.org issued a distressing press release titled "Open-Source Software Defends Itself Against Looming Shut-Down", essentially asking for donations. The contents of the press release were just as blunt as the title, saying, "In order for OpenOffice.org to continue to be professionally developed, Team Openoffice.org will have to rely on donations."
Since Oracle acquired Sun there have been lingering doubts about whether the company would continue to support Openoffice, which until recently was seen as the primary competitor to Microsoft's Office suite.

Read more at :-
http://www.theinquirer.net/inquirer/news/2117644/a...

--
Was this reply relevant?
+0
-0
mogs CClip 75
Expert Contributor 17th Oct, 2011 19:20
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
ICANN steps in to host the timezone database

In the nick of time
By Lawrence Latif
Mon Oct 17 2011, 15:43

INTERNET ADDRESS OUTFIT, the Internet Corporation for Assigned Names and Numbers (ICANN) has taken over hosting the international timezone database.
Last week it was revealed that the timezone database that has for years been maintained by volunteers had been taken offline following a legal dispute with Astrolabe Inc. Now ICANN has stepped up to host the database while knowing full well of the ongoing lawsuit.
Astrolabe argued that the two volunteers should pay royalties for including data from its software. ICANN has said it will keep the historical data in the database it is hosting.
Kim Davis, a technical manager at ICANN told USA Today, "We are aware of the lawsuit ... we believe it's important to continue the operation of the database. We'll deal with any legal matters as they arise."

More at :-
http://www.theinquirer.net/inquirer/news/2117699/i...

--
Was this reply relevant?
+0
-0
mogs CClip 76
Expert Contributor 17th Oct, 2011 19:24
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google and CAB team for online security campaign

The campaign will attempt to offer easy-to-understand security information for web users.
By Tom Brewster, 17 Oct 2011 at 12:34

Google has teamed up with the Citizens Advice Bureau (CAB) for an online safety campaign.

The Good to Know campaign will seek to educate people about securing their data and how to manage it more effectively.

A Good to Know website has been set up featuring four different sections. These include how to stay safe on the internet, how people’s data is being used on the web, how information is being used on Google and how users can manage their data better.

Everyone wants to stay safe online, but many people aren’t confident that they know how to.
Information on cookies, malware and mobile security are all included on the site.

More at :-
http://www.itpro.co.uk/636757/google-and-cab-team-...

--
Was this reply relevant?
+0
-0
mogs CClip 77
Expert Contributor 17th Oct, 2011 19:31
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Survey: '4 million' Brits stung by ID theft

Average cost to victims reaches £1,190
By John Leyden •
Posted in ID, 17th October 2011 12:46 GMT

Consumers continue to be complacent about identity theft despite growth of the crime, which has claimed four million victims in the UK alone.

The warning from the Metropolitan Police Service comes at the start of National Identity Fraud Prevention Week, which begins today. The seventh edition of the annual event aims to educate people and businesses about the scope of identity theft and its prevention.


According to research commissioned by paper-shredding kit supplier Fellowes, 7 per cent of the UK population (4 million people) have been victims of identity fraud at one time or another. According to the UK’s fraud prevention service CIFAS, 80,000 have been targeted this year. The average cost of an identity theft is £1,190, but some individuals have been stung to the tune of £9,000.

More at :-
http://www.theregister.co.uk/2011/10/17/national_i...

--
Was this reply relevant?
+0
-0
mogs CClip 78
Expert Contributor 18th Oct, 2011 10:48
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Security Researchers Warn of Malicious Bing Ads

An ad claiming to link to an Adobe Flash download site instead links to the ZeroAccess Trojan.

GFI Software researchers warn that searches on Bing for Adobe Flash can bring up an ad claiming to link to a Flash 10 download site.

"Of course, what those users get isn't Flash, but a kick in the digital teeth in the form of the ZeroAccess Trojan," writes Threatpost's Dennis Fisher. "This piece of malware, also known as Max++ and Sirefef, is a particularly ugly pest and includes some rootkit functionality that gives it the ability to stay resident on an infected machine even after cleanup attempts and reboots."

"ZeroAccess also is being used in an ongoing attack discovered last week by researchers at Dell SecureWorks in which users are redirected from compromised sites to an attack site that installs the Trojan," Fisher writes.

Go to "Malicious Ads on Bing Lead to ZeroAccess Trojan" to read the details.

http://www.esecurityplanet.com/malware/security-re...

--
Was this reply relevant?
+0
-0
mogs CClip 79
Expert Contributor 18th Oct, 2011 10:56
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Zero-Day Vulnerability Found in Opera 11.51

A critical security hole has been found in the latest version of the popular browser, allowing any cybercriminal with the proper know-how to inject and execute a malicious piece of code.


A security researcher, José A. Vázquez discovered the flaw which seems to have been reported initially almost a year ago, but it seems that the issue has not been dealt with yet, possibly because they believed the new variant wasn't susceptible to such an attack.

The H Security reveals that after seeing nothing is done about the weakness, Vasquez published the adapted variant of the exploit to the newer version of Opera, thus forcing the vendor to take immediate measures to patch up the hole.

The error is critical, as in theory, by simply visiting a malicious location, an unsuspecting user's device can get infected with an ill-intended code. The whole thing is caused by a memory flaw when processing SVG content within framesets and even though the attacks performed in the tests were only successful in 3 out of 10 cases, it's certainly enough for a hacker to take advantage.

More at :-
http://news.softpedia.com/news/Zero-Day-Vulnerabil...

--
Was this reply relevant?
+0
-0
mogs CClip 80
Expert Contributor 18th Oct, 2011 11:00
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Bitcoin Value Drops Under $3 (€2) After Numerous Hacking Operations

One of the most popular digital currencies has suffered a dramatic decrease in value as a result of the large number of cybercriminal operations that targeted it.

At first, Bitcoin mining Trojans appeared, then security breaches interupted the activity of major exchange sites, after which even the EFF distanced itself. It was all downhill from here as Trojans became more powerful and new sophisticated methods were being developed for cracking blocks.


Each of these events caused a drastic fall in the price of Bitcoins, but after the Mt Gox incident, more and more businesses gave up on using the currency while a large number of related websites were being sold for pennies.

According to BetaBeat, the charts show a constant drop by approximately one dollar each week and if now it reached the under $3 (€2) limit, it will soon lose its entire value.

More at :-
http://news.softpedia.com/news/Bitcoin-Value-Drops...

--
Was this reply relevant?
+0
-0
mogs CClip 81
Expert Contributor 18th Oct, 2011 11:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Report Shows DoS Attacks as Hacker's Favorite Weapons

Almost a quarter of all cyber masterminds prefer to use DoS or DDoS attacks, while 19% rely on SQL injections to complete their evil missions.

After doing some digging on a popular hacker forum, the guys at Imperva came up with a report called "Hacker Intelligence Initiative, Monthly Trend Report", that shows these are the favorite means of attack, most deployed by cybercriminals.


Disturbing is the fact that most of the discussions on the tested website refer to tutorials for beginners, tools, programs and methods of hitting a site. Social engineering takes up 3% of the topics and instant messaging hacks come almost last with 2%.

In the past years, the subjects of debate haven't changed that much, but they've considerably increased. Spam, DoS, buffer overflows and zero-day vulnerabilities occupy the first positions when it comes to the growth of conversations.

More at :-
http://news.softpedia.com/news/Report-Shows-Hacker...

--
Was this reply relevant?
+0
-0
mogs CClip 82
Expert Contributor 18th Oct, 2011 16:52
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
SSL creator warns of further attacks

Stolen certificates create security nightmares
By Dean Wilson
Tue Oct 18 2011, 13:06
THE CREATOR of Secure Socket Layer (SSL) technology has warned that the system remains as insecure as it was last month when hackers managed to break its security.
A number of SSL certificates were stolen by hackers in September, allowing them to pose as nearly any internet company and helping them break into the Gmail accounts of around 300,000 people, according to the BBC.
Dr Taher Elgamal, the creator of the widely used security protocol, said that little has been done to bump up SSL security since the attacks, which means "it could happen again".
He said that the problem was less an issue of technology and more to do with people, particularly in terms of how many SSL certificate authorities are out there. "There's way too many of them," he said. "Nobody asked the question of what to do if a certificate authority turns out to be bad."
The system, which was developed by Elgamal when he was working at Netscape and subsequently adopted by the Internet Engineering Task Force (IETF) as Transport Layer Security (TLS), employs agencies to hand out unique digital certificates, which identify that a web site really belongs to a certain company or organisation.
This has proven to be one of the strongest methods of defence against hackers until last month when certificates were stolen from Dutch security firm Diginotar.
Despite the flaws, Elgamal does not think that a new system is needed, but that updates to SSL should repair the security holes created recently. He said that adding TLS updates in modern web browsers could help defend against another attack. µ

http://www.theinquirer.net/inquirer/news/2117943/s...

--
Was this reply relevant?
+0
-0
mogs CClip 83
Expert Contributor 18th Oct, 2011 17:55
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

419 Scam Comes Complete with Website and Board of Directors

An email is roaming the web, announcing the participants of a fabulous winning that makes them millionaires overnight, but instead of dollars, the victims get a lot of malware, lies and an emptied bank account.

419 scams keep getting better and better but somehow they all manage to fail right at the end.


According to GFI Labs blog, the latest scheme involves an email that congratulates you on being the winner of 1 million dollars. To make the whole thing a bit different from the rest of these scams, the victim is advised to share part of the fund with the poor people in his area, since that is the main target of the Hot Diamond Organization.

Once you access their website to claim your prize, you are immediately bombarded with all sorts of pop-ups that urge you to download all types of useful applications, such as Real Player.

The first question that pops up in my mind is “Why would I need Real Player now that I'm rich?”. Nevertheless, we move on and close all the adverts in search of our millions.

Read more at :-
http://news.softpedia.com/news/419-Scam-Comes-Comp...

--
Was this reply relevant?
+0
-0
mogs CClip 84
Expert Contributor 18th Oct, 2011 18:01
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Oracle patch batch affects 'hundreds' of products
Some 76 patches will be issued by Oracle on Tuesday, but the most serious fix is for Oracle's Solaris OS

By Chris Kanaracus | IDG News Service

Oracle on Tuesday will release 76 patches affecting hundreds of its products as well as Java SE.

Fifty-six of the patches are aimed at Oracle products, and due to the danger of a successful attack, customers should apply them immediately, Oracle said.

Read more at :-
http://www.infoworld.com/d/security/oracle-patch-b...

--
Was this reply relevant?
+0
-0
mogs CClip 85
Expert Contributor 19th Oct, 2011 09:26
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Dev Channel Update
Tuesday, October 18, 2011 | 16:17
Labels: Dev updates

The Dev channel has been updated to 16.0.912.0 for Windows, Mac, Linux, and Chrome Frame.

All
Updated V8 - 3.6.6.3
Native Client and Pepper plug-ins will be able to go use First Person controls for games and other applications after they go full screen and lock the mouse cursor. See PPB_MouseLock::LockMouse.
Mac
Chrome now offers improved battery life on Mac laptops with dual (integrated and discrete) GPUs. Currently the improvement is present on 2011 MacBook Pros running OS X 10.7.1, but will take effect on more machines as OS software updates are released.
Known Issues
Printing does not work - crashes the tab.
Crash in Instant (Issue 100521). Fixed on trunk; workaround is to disable Instant (if it’s already disabled and still crashes, please re-enable and disable, using the checkbox in Preferences -> Basics).
Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 86
Expert Contributor 19th Oct, 2011 09:36
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Duqu Trojan a precursor to next Stuxnet, Symantec warns
New malware shares Stuxnet code, targets makers of industrial control systems

By Jaikumar Vijayan
October 18, 2011 03:53 PM ET2 Comments
Computerworld - Security vendor Symantec is warning of a new malware threat that it says could be a precursor to the next Stuxnet.

The new threat, dubbed W32.Duqu, is a remote access Trojan (RAT) that appears to have been written by the authors of Stuxnet, or at least by someone who has access to Stuxnet source code, Symantec said in a report released today.

Read more at :-
http://www.computerworld.com/s/article/9220969/Duq...

--
Was this reply relevant?
+0
-0
mogs CClip 87
Expert Contributor 19th Oct, 2011 09:41
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The UK will strike first in cyber warfare, says foreign secretary

Weapons have been developed
By Kate O'Flaherty
Tue Oct 18 2011, 16:18
THE UK has developed weapons to counter the threat from hackers and will strike first to protect itself, according to Foreign Secretary William Hague.
Hague has warned that the Government is investing heavily in deterrents but admitted he could not be certain they would be sufficient in repelling cyber attacks.
He told the Sun, "We will defend ourselves in every way we can, not only to deflect but to prevent attacks that we know are taking place.
"We are trying to prevent an arms race in cyber space. Given that the internet changes every day and billions more people will have access to it over the coming years, the potential for that arms race to grow and go out of control is enormous.
"There is no 100 per cent defence against this, just as there isn't against any other form of attack. We have to defend critical national infrastructure. We have to defend national security. We have to defend our entire commercial and economic system."
Hague added that although the UK Government is determined that such major attacks will not get through, "you now have to assume that they will be attempted".

More at :-
http://www.theinquirer.net/inquirer/news/2118012/u...

--
Was this reply relevant?
+0
-0
mogs CClip 88
Expert Contributor 19th Oct, 2011 09:44
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Oracle updates Java to stop SSL-chewing BEAST

Framework declared safe for Firefox
By Dan Goodin in San Francisco • Get more from this author
Posted in Enterprise Security, 19th October 2011 00:49 GMT
Microsoft Office 2010 : Resources for desktop IT professionals
Firefox developers said Tuesday that they have no plans to keep the browser from working with the Java software framework now that Oracle has released a patch that prevents it from being used to decrypt sensitive web traffic.

In a blog post published in late September and updated on Tuesday, Mozilla recommends that Firefox users update their Java plug-in to lower their chances of falling victim to attacks that silently decrypt data protected by the SSL, or secure sockets layer, protocol used by millions of websites. Firefox developers had said previously that they were seriously considering disabling the Java plug-in as a way of preventing the exploit.

More at :-
http://www.theregister.co.uk/2011/10/19/oracle_pat...

--
Was this reply relevant?
+0
-0
mogs CClip 89
Expert Contributor 19th Oct, 2011 09:47
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Learn skills, buy Trojans, make new mates
By John Leyden • Get more from this author
Posted in Security, 19th October 2011 07:30 GMT

Certain underground hacking forums are acting as training academies and tech-support networks for cybercriminals as well as creating a marketplace for a vast array of cybercrime tools, say researchers.

Database security firm Imperva has been keeping close tabs on an unnamed hacking message board with nearly 220,000 registered members since 2007. It discovered that the forum is used by hackers of varying abilities for "training, communications, collaboration, recruitment, commerce and even social interaction". Chat rooms are filled with discussions on everything from attack planning to requests for help with specific campaigns. Newbies can use the forums to find "how-to-hack" tutorials.


Meanwhile the forum's marketplace acts as an underground bazaar for the sale of either stolen data or attack tools. Other studies by the likes of Symantec have focused on the price of stolen credit card numbers or licensing prices for ZeuS banking Trojan toolkits, for example. Imperva by contrast has paid closer attention to the content of conversations, picking up clues about evolving hacking tactics and approaches in the process.

More at :-
http://www.theregister.co.uk/2011/10/19/hacking_fo...

--
Was this reply relevant?
+0
-0
mogs CClip 90
Expert Contributor 19th Oct, 2011 17:23
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

'AOL Billing Center' Scam Steals Credit Card Information.
The safety of your personal savings account is again put to the test by hackers who devised a fake AOL Billing Center that requires the user to supply tons of sensitive data.

According to Zscaler Research, a website that offers supposedly free services links you to a place that greets you with a message about how they're working hard to make AOL better.


/>
“We've worked hard to help make America Online even better! However, we have to ask for a NEW credit card so we can update your Billing information. Please be advised this is manditory. If we do not get your updated Billing information, your account will be voided and cancelled,” reads the first message.

Read more at :-
http://news.softpedia.com/news/AOL-Billing-Center-...

--
Was this reply relevant?
+0
-0
mogs CClip 91
Expert Contributor 19th Oct, 2011 17:27
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Royal Mail Delivers Trojan
After they've noticed that sending fake emails in the name of UPS or FedEx doesn't work anymore, hackers came up with the idea of using fake Royal Mail messages to spread their malware.


Graham Cluley picked up on a bunch of emails, pretending to come from the delivery company, stating things such as “Error in the delivery address NoXXXX”, “You should come to the Royal Mail office and receive a package”, "Track your shipment NoXXXX”, “Cancellation of the package delivery” and many more ludicrous things.

The victim is then informed that there's something wrong with his package, pointing to the attachment for further details on the problem.

“A courier did not deliver the package to your address. Reason: The package is too large. Information about your package is attached to the letter.Read all information carefully and come to the "Royal Mail" office to receive your package,” reads the message provided by Mr. Cluley.

Once the attachment is opened, you end up with a couple of pieces of malware identified as Mal/BredoZp-B and Mal/EnckPK-AAT.

The first malicious element is actually the same as the one we've recently seen in the YesAsia scheme that's been running around lately.

More at :-
http://news.softpedia.com/news/Royal-Mail-Delivers...

--
Was this reply relevant?
+0
-0
mogs CClip 92
Expert Contributor 19th Oct, 2011 17:33
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Google will redirect all its accounts to SSL search

Makes it slightly harder for web sites to track behaviour
By Lawrence Latif
Wed Oct 19 2011, 15:25
ADVERTISING BROKER Google will use SSL by default for all searches conducted by its logged-in users.
Google introduced an encrypted search service in April 2010, however now all those that login to Google will be redirected to the SSL web site automatically, resulting in search queries that are encrypted. Those that don't login will have to manually navigate to https://www.google.com.
According to Evelyn Kao, product manager at Google, web searches are becoming an "increasingly customised experience" and said that means protection of search results is important. Kao said the encryption of search queries means websites will not know what query users search for on Google, which should put a spanner in the works for some web sites' search engine optimisation techniques.
In the past year Facebook and Twitter have also announced support for SSL, with Google having said that it planned to modify more of its services to use SSL.
The need for encryption has grown due to the use of WiFi and other wireless networks to connect to services. While search data might be relatively public anyway - after all Google has a record of what each user searches for - accessing email and logging onto online services such as Facebook, Twitter or Gmail using plaintext transfer is very risky. µ

http://www.theinquirer.net/inquirer/news/2118387/g...

--
Was this reply relevant?
+0
-0
mogs CClip 93
Expert Contributor 19th Oct, 2011 18:17
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 19th Oct, 2011 18:19
South African Bank's Name Used in Phishing Campaign
Bank account phishing seems to be at an all time high, the names and reputations of many institutions being used in the latest schemes.

MalwareCity discovered another hoax that replicates almost perfectly the official website of Nedbank, one of the largest banks in South Africa.

It looks as the banks customers are faced with a link that's supposed to take them to a page that will allow them to verify their account details. The rogue replica is filled with malicious scripts that make sure all the information provided by the unsuspecting victim is transmitted to the hackers that launched the phish.

The repository's name or the country are not that important. What's really important is the fact that cybercriminals just don't give up when it comes to stealing your credentials and other sensitive data. Keep them protected by avoiding any emails that seem suspicious, even if they seem to be coming from a legitimate institutuon.

http://news.softpedia.com/news/South-African-Bank-...

--
Was this reply relevant?
+0
-0
mogs CClip 94
Expert Contributor 19th Oct, 2011 18:39
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Gmail Users Targeted by Rogue Password Recovery Tool
By John E Dunn, techworld.com Oct 19, 2011 3:45 pm

Consumers trying to recover forgotten Gmail passwords have been reminded not to use the widely-circulating Gmail hacker Pro software, which claims it can recover passwords for a fee.

Webmail password recovery scams are nothing new but this particular one can turn up in several guises, starting with the simple fee scam uncovered by GFI Labs.

Gmail Hacker claims it can search the hard drive for the forgotten Gmail password, returning it for a fee of $29.99 (£19), in spite of the fact that Google itself offers the same password recovery and reset for nothing using its own service.

The program "processes" the user's Gmail address before demading the payment in return for a generated key.

"Clearly, this is designed to extract a tidy sum of money from unwitting users, and we'd like to save you, Dear Reader, the trouble of wanting to try it out. We categorize GMail Hacker Pro as a Trojan under the detection name GmailHackerPro.pj!.1a.," says GFI in a new blog.

More at :-
http://www.pcworld.com/article/242149/gmail_users_...

--
Was this reply relevant?
+0
-0
mogs CClip 95
Expert Contributor 20th Oct, 2011 07:37
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Beta Channel Update
Wednesday, October 19, 2011 | 16:48
Labels: Beta updates
The Beta channel has been updated to 15.0.874.100 for Windows, Mac, Linux, and ChromeFrame platforms



All
Updated V8 - 3.5.10.22
Numerous buffering fixes and optimizations for HTML5 media elements. (99775, 99749, 100439)
Tuned the omnibox to recognize more types of inputs as intranet navigations (99131, 94806)
Fixed several crashes and hangs (98975, 98948, 98955, 96861)
Fixed Omnibox enters keyword search mode incorrectly (95454)
Linux
Fixed partially visible toolbar in fullscreen mode (97177)
More details about additional changes are available in the svn log of all revisions.

You can find out about getting on the Beta channel here: http://dev.chromium.org/getting-involved/dev-chann...

If you find new issues, please let us know by filing a bug at http://code.google.com/p/chromium/issues/entry

Karen Grunberg
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 96
Expert Contributor 20th Oct, 2011 20:45
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Adobe to fix Flash flaw that allows webcam spying
The flaw is similar to one disclosed in 2008
IDG News Service - Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people's webcams or microphones without their knowledge.

The issue was discovered by a Stanford University computer science student named Feross Aboukhadijeh who based his proof-of-concept exploit on a similar one disclosed back in 2008 by an anonymous researcher.

Technically known as user interface (UI) redressing, clickjacking is a type of attack that combines legitimate Web programming features, like CSS opacity and positioning, with social engineering to trick users into initiating unwanted actions.

More at :-
http://www.computerworld.com/s/article/9221052/Ado...

--
Was this reply relevant?
+0
-0
mogs CClip 97
Expert Contributor 20th Oct, 2011 20:59
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Fake AVG Download Sites Steal Bank Accounts

Rogue AVG offering sites are designed to look serious and genuine but in fact, they're only after your credit card information and as a bonus you might even receive a malicious virus.

Instead of installing pieces of scareware on the computers of unsuspecting victims, cybercriminals decided to deploy genuine looking sites that seem to sell already popular security products.


Zscaler came across a large number of websites that appear to be commercializing the well-known AVG Antivirus. While some of them ask for as much as $70 (50 EUR) for a complete package, others give it away for free, but ask for a maintenance fee.

Either way, all you end up with is an emptied bank account and a compromised credit card.

More at :-
http://news.softpedia.com/news/Fake-AVG-Download-S...

--
Was this reply relevant?
+0
-0
mogs CClip 98
Expert Contributor 21st Oct, 2011 12:51
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Anonymous Hackers Hit Child Porn Web Sites

The hackers say they've taken down 50 sites and leaked the names of more than 1,500 users.

Members of Anonymous claim to have taken down more than 50 child pornography Web sites and leaked the names of more than 1,500 members of one of the sites.

"The Anonymous campaign began Oct. 14, when members of the hacktivist group found a cache of child-pornography websites while browsing a secret website called the Hidden Wiki, a guidebook to hundreds of underground websites invisible to search engines and regular Internet users," writes SecurityNewsDaily's Matt Liebowitz.

"The hackers singled out Lolita City, a file-sharing site used by pedophiles, and leaked the names of the site's 1,589 active members to Pastebin on Tuesday (Oct. 18), the Examiner reported," Liebowitz writes.

Go to "Anonymous Hackers Take Down Child Porn Websites, Leak Users' Names" to read the details.

http://www.esecurityplanet.com/hackers/anonymous-h...

--
Was this reply relevant?
+0
-0
mogs CClip 99
Expert Contributor 21st Oct, 2011 12:56
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Detecting Malicious Traffic in HTTP Headers

New research effort could yield a never-seen-before type of detection mechanism for malicious traffic.

By Sean Michael Kerner |

In the battle against malicious traffic and infected websites, security researchers are always looking for new avenues of detection. According to Trustwave Security Researcher Rodrigo Montoro, one such approach could come from an analysis of HTTP headers to detect potentially malicious traffic.

Speaking at the SecTOR security conference in Toronto, Montoro detailed his approach toward scoring HTTP headers to help identify infected websites. Montoro explained that a signature-based approach can't scale properly, which is why he set out to find a new way forward.

Every time a Web browser connects to a website over HTTP, the HTTP transaction sends information about the connection in the header of the connection. HTTP header fields include things like the user-agent, content-type and cookie information.

"HTTP is everywhere and malware is using a lot of HTTP traffic," Montoro said. "The idea is that scoring works and is a simpler way to detect malware."

According to Montoro, malicious connections tend to do certain things wrong with HTTP. They reuse shared code and they often have uncommon user-agents, or no user agents at all. Malicious sites often have partial headers that are generally smaller in size than normal browser traffic. Additionally, the use of uncommon header types could be an indicator of malware infection.

Read more at :-
http://www.esecurityplanet.com/news/looking-for-ma...

--
Was this reply relevant?
+0
-0
mogs CClip 100
Expert Contributor 21st Oct, 2011 13:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Skype lets hackers track your BitTorrent downloads

Internet stalking courtesy of P2P
By Dan Goodin in San Francisco • Get more from this author
Posted in Security, 21st October 2011 05:11 GMT

Scientists have devised a stealthy and low-cost way to track the internet protocol addresses of tens of thousands of Skype users, and link the information to their online activities such as the sharing of specific files over BitTorrent.

The method, which is laid out in a recently published academic paper, works even when Skype users have configured their accounts to accept calls only from people in their contact lists. It also works against Skype users who aren't currently logged in, as long as they've used the VoIP program in the past three days. The system is able to link an individual Skype user to specific BitTorrent activity, even when they share the IP address with others over a local area network that uses NAT, or network address translation.

Read more at :-
http://www.theregister.co.uk/2011/10/21/skype_bitt...

--
Was this reply relevant?
+0
-0
mogs CClip 101
Expert Contributor 21st Oct, 2011 13:08
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

October 21st, 2011, 08:57 GMT · By Eduard Kovacs
Adobe Fixes Webcam and Microphone Spying Issue

Adobe released the much expected update that would fix the problem pointed out by a Stanford University student, which revealed to the world that any website administrator can easily spy on his customers using a bug in the Flash Settings Manager.


According to V3, Adobe blamed the communication error between them and Feross Aboukhadijeh, the one who discovered the issue, on the fact that the student sent his findings to an employee that was off duty at the time.

They mention that the information was supposed to be sent to their incident response team instead.

"The email with the report was sent to an Adobe employee who has been on sabbatical. The issue was not reported to the Adobe Product Security Incident Response Team (PSIRT), which is the contact for all vulnerability reports," revealed a company spokesman for V3.

Because the actual update process was required on their servers, users don't have to apply any patches or updates manually.

More at :-
http://news.softpedia.com/news/Adobe-Fixes-Webcam-...

--
Was this reply relevant?
+0
-0
mogs CClip 102
Expert Contributor 21st Oct, 2011 13:15
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

October 20th, 2011, 13:47 GMT · By Eduard Kovacs
Mobile Malware Pops Up on Desktop Computers

There are a number of ways in which mobile malware can show up on a PC, lately many situations presenting themselves for these malevolent apps make their appearance on desktop computers.

The Microsoft Malware Protection Center has been constantly checking the frequency of different threats that normally target mobile platforms.


Their latest report shows that mostly Symbian targeting malicious elements are discovered, the mobile versions of Zeus and SpyEye being the most notable detections. The duo is mainly designed to steal data, especially account credentials, which are transmitted to the masterminds behind the operations, allowing them to access out digital assets.

Java ME occupies the second position, mostly because of the flexibility these malevolent components present. The majority of the detections are built to earn a profit for hackers by sending SMSs to premium-rate numbers without the user's knowledge.

Curiously, even though the Market is famous for serving rogue software, the malware numbers that targets Android are relatively low. However, if compared to the figures that relate only to Android threats, a considerable difference can be spotted.

When it comes to Windows Mobile, only three new players have been seen in comparison to the previous year. While TrojanDownloader:WinCE/MobUn.A and Trojan:WinCE/MobUn.A work together on sending text messages to premium numbers, Trojan:WinCE/Zitmo.A places itself on the device allowing the one that controls it to change settings. Zitmo alerts its master of its presence, who then uses incoming SMSs to indicate commands that are performed on the phone.

iOS and RIM come in last, with no major modifications compared to last year.

Because smartphone owners rarely deploy security solutions on their devices, malicious elements remain undetected until the phone is connected to a computer, but at that point, it could already be too late. This is why it's highly advised that you install at least an anti-virus app on your machine to protect it from malevolent elements.

http://news.softpedia.com/news/Mobile-Malware-Pops...

--
Was this reply relevant?
+0
-0
mogs CClip 103
Expert Contributor 22nd Oct, 2011 12:06
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Among the highlights of the previously released beta for Chrome was optimization of HTML5 media elements and an improved Omnibox. Chrome Beta 15.0.874.102 has been rolled out with the purpose of fixing tab crash issues.

Although this version is available for all supported platforms (Windows, Linux Mac and Chrome Frame), the issues fixed in it occurred only on Microsoft’s platform and on Linux.

On Windows, the infamous “Aw, Snap!” message would occur when navigating to certain web address.

First reported in March, the problem seemed to be with the timer in WebKit, which would trigger twice instead of just one time. But that was only part of the issue, because in late June the bug was spotted again.

Getting to the root of the trouble took a while, as the bug report dates from March this year, and it seems to no longer appear in Chrome Beta.
http://news.softpedia.com/news/Chrome-Beta-15-0-87...


--
Was this reply relevant?
+0
-0
mogs CClip 104
Expert Contributor 22nd Oct, 2011 12:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

World's most sophisticated rootkit is being overhauled
New variants don't make obvious modifications to the MBR

By Lucian Constantin
October 21, 2011 09:50 AM
IDG News Service - Experts from security vendor ESET warn that TDL4, one of the most sophisticated pieces of malware in the world, is being rewritten and improved for increased resilience to antivirus detection.

"ESET researchers have been tracking the TDL4 botnet for a long time, and now we have noticed a new phase in its evolution," announced David Harley, the company's director of malware intelligence.

"Based on the analysis of its components we can say that some of those components have been rewritten from scratch (kernel-mode driver, user-mode payload) while some (specifically, some bootkit components) remain the same as in the previous versions," he noted.

Harley and his colleagues believe this suggests a major change within the TDL development team or the transition of its business model toward a crimeware toolkit that can be licensed to other cybercriminals.

TDL, also known as TDSS, is a family of rootkits characterized by complex and innovative detection evasion techniques. Back in July, malware analysts from Kaspersky Lab called TDL version 4 the most sophisticated threat in the world and estimated that the number of computers infected with it exceeds 4.5 million.

Read more at :-
http://www.computerworld.com/s/article/9221084/Wor...

--
Was this reply relevant?
+0
-0
mogs CClip 105
Expert Contributor 22nd Oct, 2011 12:18
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Which Browser is the Most Secure?

The 'most hostile' one, say researchers at Accuvant Labs.

By Sean Michael Kerner | October 21, 2011

For as long as there has been more than one browser, users have been asking which browser is more secure. Answering the question has often led to an evaluation of publicly disclosed vulnerabilities and determining how long it takes a browser vendor or organization, to patch.

According to a pair of security researchers from Accuvant Labs speaking at the SecTOR security conference in Toronto this week, there needs to be a more holistic and thorough view of browsers to fully understand security risks.

"The browser is the most critical application that we all use and in some cases it's the only application we use," Shawn Moyer, managing principal research consultant with Accuvant said. "The browser decision is one of the most important you can make on your computer."

Moyer noted that the majority of modern exploits target the browser and Web applications that run within the browser. The Accuvant research is still a work in progress, though Moyer said the goal at this point is to provide some information about the approach to understanding the browser attack surface.

Read more at :-
http://www.esecurityplanet.com/browser-security/wh...

--
Was this reply relevant?
+0
-0
mogs CClip 106
Expert Contributor 22nd Oct, 2011 12:24
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Forget Stuxnet and Duqu -- hackers still score with old-school attacks
New malware hogs the attention, but bad passwords and basic vulnerabilities are more likely to sink enterprise systems
By Taylor Armerding | CSO


Everybody in IT knows it is a dangerous world out there, filled with an endless variety of cyber attacks aimed at compromising and taking advantage of security flaws.

But there is still a persistent lack of awareness of specific threats and how best to confront them, according to Rob Havelt, director of penetration testing for Trustwave, an international provider of information security and compliance solutions.

The irony, he says, is that it is not necessarily the newest, scariest malware or hack technique that can compromise an enterprise.

CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

"You see people get whipped up into a frenzy about the latest technique that requires all kinds of technical skill to exploit," he says, "while ignoring stuff that has been around since forever. One of the most common things we find on an internal network is bad password policy -- egregious things like 'admin' for an administrative password, or that the system administration password is blank."

More at :-
http://www.infoworld.com/d/security/forget-stuxnet...

--
Was this reply relevant?
+0
-0
mogs CClip 107
Expert Contributor 22nd Oct, 2011 12:28
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google's Gmail revamp is leaked

Google+ integration evident
By Lawrence Latif
Fri Oct 21 2011, 17:08

EMAIL SERVICE Gmail will receive a facelift according to a leaked video.
Google's popular Gmail service will receive cosmetic changes that include the ability to automatically change the layout according to window size and the ability to alter the density of items shown on the screen. There are also changes to the look and feel of Gmail threads, which now look a bit more like Google+ conversations.
Google will change the look of Gmail to match its corporate branding of flatter icons, however the layout will remain much the same. There has been a move towards ditching Javascript where possible and embracing HTML5, with the latest changes suggesting further HTML5 integration.
For Google, Gmail is one tool that its social networking rivals, Facebook and Twitter, simply don't have. If, as the video is implying, there's greater integration with Google+ then it marks a logical move to push Google+ to the vast number of Gmail users.

More at :-
http://www.theinquirer.net/inquirer/news/2119296/g...

--
Was this reply relevant?
+0
-0
mogs CClip 108
Expert Contributor 22nd Oct, 2011 15:15
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

October 22nd, 2011, 12:29 GMT · By Lucian Parfeni
Google Chrome 17 Is Coming Soon, Chromium 17 Is Already Here.
Google is getting ready for the regular three channel push for Google Chrome. Google Chrome 17 should be landing in the dev channel next week, the week after that at the latest.

In the meantime, Chrome 16 will be pushed to the beta channel and Chrome 15 will be made available to the 200 million people using the Google browser worldwide.


The latest Chromium builds are already labeled as Chromium 17. At the same time, the Chrome dev channel build is seeing only minor increments, going from Chrome 16.0.912.0 to Chrome 16.0.912.4.

That's the usual sign that the team has shifted from new features to focusing on bug fixes to get Chrome 16 ready for the beta channel.

Whichever Chrome you use, the next week or so promises to bring new features and capabilities, plus plenty of fixes for the unstable channels.

The big launch will be Google Chrome 15 stable, that's the one that will affect the most people. Probably the most visible change in Chrome 15 is the revamped New Tab Page.

The redesigned New Tab Page looks a lot slicker than the current one Chrome stable users get, but it's been rather buggy as well. The latest tweaks to the new tab page have removed the hated Bookmarks section and brought back the bookmarks bar, from the previous version of the NTP.

The bookmarks section proved rather buggy, but that was fixable, the bigger problem was that people really wanted their bookmarks to be reachable the first time they open a new tab page, regardless of which section they used last, Apps, Most Visited or Bookmarks.

Of course, the NTP is not the only thing that's new in Chrome 15, there are plenty of other, albeit smaller, new features landing as well. Expect a big announcement coming soon.

At the same time, those wanting to stay on the cutting edge have more things to play with as new features are introduced in Chrome 16 and, of course, the upcoming Chrome 17. There are plenty of experimental ones in particular, available from chrome://flags and not enabled by default.

http://news.softpedia.com/news/Google-Chrome-17-Is...

--
Was this reply relevant?
+0
-0
mogs CClip 109
Expert Contributor 22nd Oct, 2011 21:05
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The Most Interesting Things in Google Chrome 17 Are Hidden Behind Flags
Google Chrome is always getting small updates and new features, but since these trickle in over time, especially if you're using one of the testing versions of Chrome, it's hard to notice changes.

But old time Chrome users know that the best things are always hidden away, if you want to be on the cutting edge, it's not enough to use the dev channel version of Chrome or even the Chromium 'nightly' builds, the really interesting stuff is in the 'Flags' section.

Note that anything in there is experimental and likely to break, so if you're looking for stability, chrome://flags is not for you. That said, here are some of the cool things coming soon (possibly) to Google Chrome.

Read more here :-
http://news.softpedia.com/news/The-Most-Interestin...

--
Was this reply relevant?
+0
-0
mogs CClip 110
Expert Contributor 22nd Oct, 2011 22:34
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 22nd Oct, 2011 22:35
A computer security firm warned on Friday that cybercriminals were attempting to exploit Agence France-Presse photos of slain Libyan dictator Moamer Kadhafi in an email scam.

The email contains malware designed to infect personal computers running the Windows operating system, said Graham Cluley, a senior technology consultant at British-based computer security company Sophos.
"Hackers have spammed out an attack posing as pictures of (Kadhafi's) death, tricking users into believing that they came from the AFP news agency and are being forwarded by a fellow Internet user," Cluley said in a blog post.
Cluley said the scam email purports to be from "AFP Photo News" and offers "bloody photos" of Kadhafi's death.

More at :-
http://www.physorg.com/news/2011-10-hackers-afp-ph...

--
Was this reply relevant?
+0
-0
mogs CClip 111
Expert Contributor 22nd Oct, 2011 22:41
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
German scientists say they expect pieces of a defunct satellite hurtling toward the atmosphere to hit Earth this weekend.

Andreas Schuetz, a spokesman for the German Aerospace Center, said Friday the best estimate is still that the ROSAT scientific research satellite will impact sometime Saturday or Sunday.
The center says parts of the minivan-sized satellite will burn up during re-entry but up to 30 fragments weighing a total of 1.87 tons (1.7 metric tons) could crash into the Earth with a speed of up to 280 mph (450 kph).
The satellite orbits the Earth every 90 minutes and scientists can only say that it could hit Earth anywhere along its path, between 53-degrees north and 53-degrees south - a vast swath of territory that includes much of the planet outside the poles.

http://www.physorg.com/news/2011-10-german-satelli...

--
Was this reply relevant?
+0
-0
mogs CClip 112
Expert Contributor 23rd Oct, 2011 08:10
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
AVG: Hacktivism is slowing down business
By Tom Espiner, ZDNet UK, 22 October, 2011 12:00

Q&A
Czech security company AVG has about 98 million customers and users worldwide, thanks in large measure to its highly popular free antivirus software.

AVG's footprint as one of the planet's largest antivirus vendors gives it a good view of the threat landscape, according to the company. Its free product drives its paid-for business software, which is aimed at small businesses.

In recent years, a salient trend in cyberattacks has been online activism, which some commentators have labelled 'hacktivism'. Attacks by hacking groups such as Anonymous and LulzSec, which are designed to draw attention to political or other causes, have garnered numerous headlines over the past year. Anonymous and LulzSec have attacked organisations ranging from Visa to the UK Serious Organised Crime Agency (Soca).

AVG chief executive JR Smith, who used to own the Telecoms Solutions Group, talked to ZDNet UK about hacktivism, government responses to cyberattacks, and mobile security issues.

Read more at :-
http://www.zdnet.co.uk/news/security/2011/10/22/av...

--
Was this reply relevant?
+0
-0
mogs CClip 113
Expert Contributor 23rd Oct, 2011 08:17
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Handy tips for Windows 7, XP and Vista users
Want to speed up your mouse, adjust program volume, create DVD slideshows, Disable Caps Lock or free up disk space? We've listed 20 'how to' tips to help you
James Temperton PC help Windows 22/10/2011.


Read more: http://www.computeractive.co.uk/ca/pc-help/2108506...


--
Was this reply relevant?
+0
-0
mogs CClip 114
Expert Contributor 23rd Oct, 2011 08:27
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows Services ~ Includes complete explanations of each service and advice on which services you can safely disable.

Windows 8 Service Configurations ~ Updated: October 22, 2011
Windows 7 Service Pack 1 Service Configurations ~ Updated: December 16, 2010
Windows Server 2008 R2 Service Configurations ~ Updated: August 5, 2010
Windows Vista Service Pack 2 Service Configurations ~ Updated: June 24, 2010
Windows XP x64 (64-bit) Service Pack 2 Service Configurations ~ August 5, 2010
Windows XP x86 (32-bit) Service Pack 3 Service Configurations ~ Updated: June 24, 2010
Windows 2000 Service Pack 4 Service Configurations ~ Updated: February 26, 2009

See these items and more at :-
http://www.blackviper.com/

--
Was this reply relevant?
+0
-0
mogs CClip 115
Expert Contributor 24th Oct, 2011 10:56
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Microsoft's Official Youtube Channel Hacked

The Redmond company's official Youtube channel was overtaken by some cybercrooks that deleted all the videos and replaced them with short clips.

Youtube channel hacks seem to be the new trend among cybercriminals and after Sesame Street was compromised to serve adult movies, Microsoft's page featured a lot of short advertisements which called out to internauts asking for video responses.


Now the profile is almost fully restored to its original state, but according to Graham Cluley, during the hit there were some interesting messages posted.

More to read at :-
http://news.softpedia.com/news/Microsoft-s-Officia...

--
Was this reply relevant?
+0
-0
mogs CClip 116
Expert Contributor 24th Oct, 2011 10:59
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

LG Australia Website Hijacked and Defaced

LG Australia representatives found out that their "security is 0%" after their website was hijacked and defaced by a “Website Security Exploit Team”.

According to The Sidney Morning Herald, a hacker team called Intra seems to be responsible for the hit which revealed the weak security measures implemented by the website's administrators.


Because only lge.com.au was taken down, until the problem is fixed, all the traffic was redirected to lg.com.au which wasn't affected in any way by the hacking operation.

"It seems as though your website has been hacked. How did we get past your security? ... What security? ;)," read a note on the defaced page.

Security experts believe that the operation was possible after the attackers managed to compromise the webserver that was hosting the site.

More at :-
http://news.softpedia.com/news/LG-Australia-Websit...

--
Was this reply relevant?
+0
-0
mogs CClip 117
Expert Contributor 24th Oct, 2011 11:04
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Widely used encryption standard is insecure, say experts
XML encryption, used to secure communications between Web services, can be exploited so that sensitive information is decrypted

By Lucian Constantin

IDG News Service - A weakness in XML Encryption can be exploited to decrypt sensitive information, researchers say.

XML Encryption is used for securing communications between Web services by many companies, including IBM, Microsoft and Red Hat. Researchers Juraj Somorovsky and Tibor Jager from the Ruhr University of Bochum (RUB) in Germany, devised an attack that decrypts data secured with the DES (Data Encryption Standard) or the AES (Advanced Encryption Standard) in CBC (cipher block chaining) mode. They plan to present their findings in more detail at the ACM Conference on Computer and Communications Security later this year.

Read more at :-
http://www.computerworld.com/s/article/9221122/Wid...

--
Was this reply relevant?
+0
-0
mogs CClip 118
Expert Contributor 24th Oct, 2011 12:06
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 24th Oct, 2011 12:06

The PlayStation 3 has, reportedly, been hacked once again, through a brand new 'jailbreak' device called JB2, which is now being tested out by people in Indonesia, of all places.


Sony has had quite a lot of problems at the beginning of the year with security on the PlayStation 3, as groups of hackers finally managed to crack its encryption and allowed owners to run any sort of code on the home console, from homebrew applications to illegal copies of actual games, effectively kicking off a wave of piracy on the PlayStation 3.

Sony cracked down on these efforts, releasing multiple firmware updates that shut off hackers from accessing crucial systems on the console, while actively engaging those responsible for opening up the console, including hackers like George 'GeoHot' Hotz, who was caught in a lengthy lawsuit against the company.

Now, it seems that Sony should get ready for another wave of piracy, as several reports, via Digital Foundry, are now saying that the security systems on the PS3 have been foiled yet again through a new jailbreak device.

Read more at :-
http://news.softpedia.com/news/PlayStation-3-Hacke...

--
Was this reply relevant?
+0
-0
mogs CClip 119
Expert Contributor 24th Oct, 2011 17:24
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
RSA attackers targeted ‘760 other organisations’

Facebook and Google were also targets of the RSA attackers, a list indicates.
By Tom Brewster, 24 Oct 2011 at 13:29

The hackers who hit RSA also attempted to hack over 760 other organisations, including almost 20 per cent of the current Fortune 100, a report has indicated.

RSA revealed in March it was hit by an advanced persistent threat (APT) , compromising details of its SecureID token offering and potentially placing its customers in danger.

Security experts had claimed the RSA attackers would have gone after a host of other firms. Now the Krebs on Security blog has revealed the extent of how many were hit.

Following the RSA breach, security experts were summoned to US Congress to discuss APTs and it was there a list of targeted companies was shared.

The listed firms had networks that were communicating with the same command and control (C&C) infrastructure used in the RSA hack. There were more than 300 C&Cs used in the attacks, the majority of which were located in China.

More at :-
http://www.itpro.co.uk/636922/rsa-attackers-target...

--
Was this reply relevant?
+0
-0
mogs CClip 120
Expert Contributor 24th Oct, 2011 17:35
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Private Information of 9 Million Israelis Stolen and Posted Online

A contract worker of the Israeli Ministry of Labor and Welfare allegedly stole the personal information of 9 million people from the Population Registry and sold it to a private buyer.

According to The Jerusalem Post, the suspect copied ID numbers, names, addresses and other data that was then utilized to create an application called Argon 2006.


This piece of software allowed the information to be further sold based on certain parameters. Queries could be drawn up and particular individuals could remain exposed, such a tool representing gold for shady marketers, identity thieves and hackers.

The enormous quantity of data contained info on minors and even deceased people and their familial relations. The database later ended up on the Internet along with a detailed website that precisely described the proper way of using the software.

More at :-
http://news.softpedia.com/news/Private-Information...

--
Was this reply relevant?
+0
-0
mogs CClip 121
Expert Contributor 24th Oct, 2011 19:19
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Canary now at 17.0.917.0 !!! Chrome Release Channels
Contents
1 Channels
1.1 Windows
1.2 Mac
1.3 Linux
2 How do I choose which channel to use?
3 What should I do before I change my channel?
3.1 Back up your data!
3.2 Enable anonymous usage statistics
4 Reporting Dev channel and Canary build problems
5 Going back to a more stable channel
Chrome supports a number of different release channels. We use these channels to slowly roll out updates to users, starting with our close to daily Canary channel builds, all the way up to our Stable channel releases that happen every 6 weeks roughly.
Channels

Windows

Stable channel for Windows
Beta channel for Windows
Dev channel for Windows
Canary build for Windows (Note, this will run in parallel to any other Chrome channel you have installed, it will not use the same profile)

Read more at :-
http://www.chromium.org/getting-involved/dev-chann...

--
Was this reply relevant?
+0
-0
mogs CClip 122
Expert Contributor 24th Oct, 2011 22:46
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

October 24th, 2011, 17:32 GMT · By Eduard Kovacs
EyeWonder Ads Cause XSS Vulnerabilities

All the websites that include a piece of code used by EyeWonder for advertising can be easily overtaken by a hacker an injected with arbitrary code.

A programmer called David Lynch discovered the flaw with the help of a co-worker and to demonstrate the concept he made the images on popular websites such as CNN, The New York Times and Fox News spin.


"If I was malicious I could be harvesting your cookies from them, redirecting you to phishing sites, recording everything you type, or just snooping on everything you view,” Lynch reveals.

“As an example of why someone might want to do this... in the case of these particular sites, stealing your cookies (document.cookie) would let me post comments as you. I could thus spam those sites using legitimate accounts that I don't have to go through the hassle of creating myself.”

It seems as a lot of websites include the advertisement code, thus being susceptible to an attack coming from a cybercriminal that's out to have some fun.

According to Lynch, the fix is pretty easy, the over-permissive input being the one to blame for the vulnerability.

“A little bit of checking of the input, to restrict it to scripts hosted only on known-trusted domains would be enough to make exploiting it almost impossible,” he reveals.

I tried to contact EyeWonder to see what they have to say about the matter but, as expected, they didn't reply. This sort of situation gives away the true identity of a business and unfortunately, on many occasions, the picture they provide is not pretty.

Website owners who collaborate with them should quickly resolve the issue or contact the company for assistance as such a vulnerability can have serious consequences.

Ads have been a topic of discussion on many occasions lately and security solutions providers who took note of these types of weaknesses rushed to release products that can detect malicious advertisements and closely monitor any related activities.

http://news.softpedia.com/news/EyeWonder-Ads-Cause...

--
Was this reply relevant?
+0
-0
mogs CClip 123
Expert Contributor 25th Oct, 2011 08:59
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Taiwan Tops List for Attack Traffic

New Akamai report points the finger at Asia-Pacific for most attack traffic.

By Sean Michael Kerner |

Internet attacks can come from anywhere in the world, though according to a new report from Akamai, it's more likely that the Asia Pacific region is to blame.

Akamai's second quarter 2011 State of the Internet report, identifies the top source of attack traffic as well as which server ports are being targeted. For the second quarter, Taiwan topped the list of countries for attack traffic representing 10 percent of all global attack traffic, up from nine percent in the first quarter of 2011.

Myanmar (formerly known as Burma) held the top spot last quarter with 13 percent. In the second quarter, Myanmar fell to the number two slot, accounting for nine percent of attack traffic. In the first quarter, David Belson, author of the Akamai report told InternetNews.com that he wasn't sure if Myanmar would remain at the top of the list for the second quarter. Myanmar did not rank in the top ten for attack traffic in 2010. The U.S. placed third at 8.3 percent, China fourth at 7.8 percent and Russia round out the top five list coming in at 7.5 percent.

On a global basis, Akamai reported that 47 percent of all attack traffic observed by Akamai came from the Asia Pacific region. In contrast, 30 percent came from Europe, 20 percent from the Americas and only 3 percent from Africa.

Read more at :-
http://www.esecurityplanet.com/network-security/ta...

--
Was this reply relevant?
+0
-0
mogs CClip 124
Expert Contributor 25th Oct, 2011 09:31
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

October 25th, 2011, 06:44 GMT · By Eduard Kovacs
Autocomplete Feature Leaves Browsers Vulnerable

Since it's possible to get key up and key down events through JavaScript when a drop-down autocomplete menu is displayed, an ill-intended cybervillain can steal arbitrary values from a browser's autocomplete feature.

Researchers from Minded Security Labs believe that most of the browsers are susceptible to the attack and they even published a small web application that acts as a proof of concept, showing that all the versions of Firefox are completely exposed.


Internet Explorer is just as weak but Google Chrome seems to be just a bit more protected as it doesn't send these events to JavaScript when the autocomplete dropdown menu is focused. This doesn’t make it completely foolproof, but at least a potential attack is not as easy to perform as in Firefox or IE.

The proof of concept, unfortunately, is easy to integrate in any web game placed into a simple HTML page. By making a game in which the user has to press the up and down arrows on his keyboard, what seems to be a simple online app, turns out to be a highly effective data stealer.

It can practically steal any information you ever typed inside a browser, including account names, search words and a lot more.

In order to fix this issue, vendors should “tie the information a site asks via autocomplete inputs to the site itself.” Since so far they don't check the origin of the input tag, the web application remains vulnerable to a malicious script.

Until vendors take a stand, internauts are recommended to disable the autocomplete feature on forms from the browser's setting window.

Hopefully, now that the issue is again out in the open, Mozilla, Microsoft and all the others who feel their products are vulnerable to such an attack will take the necessary steps in fixing the problem. In the meantime, make sure not to play any suspicious games that urge you to press the up and down keys.

http://news.softpedia.com/news/Autocomplete-Featur...

--
Was this reply relevant?
+0
-0
mogs CClip 125
Expert Contributor 25th Oct, 2011 15:04
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 25th Oct, 2011 15:10
ICO to make enquiries into El Reg email snafu

The Register accidentally sends out email addresses and names of 46,524 of its readers.
By Tom Brewster, 25 Oct 2011 at 10:49

The Information Commissioner’s Office (ICO) is to look into a data blunder at The Register tech publication, which saw email addresses and names of thousands of readers exposed.

The Register accidentally sent 3,521 people the names and email addresses of 46,524 readers between 08:58 and 10:20 BST yesterday.

In a contrite tone, somewhat different from its typically irreverent manner, the publication took to its website to explain why the error occurred.

“Obviously, this was an error. The two-stage send process that is the norm for all of our mailers was over-looked because someone was in a hurry,” the Register said.

“We would like to offer our genuine and humble apologies for the error. If you would like to vent at that someone, their email address is here: data@theregister.co.uk.”

The Register was quick to contact the ICO about the breach. The data protection watchdog said it will investigate the matter before it takes any action.


Read more at :-
http://www.itpro.co.uk/636958/ico-to-make-enquirie...

--
Was this reply relevant?
+0
-0
mogs CClip 126
Expert Contributor 25th Oct, 2011 15:14
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

THC SSL DOS Tool Can Take Down a Server from a Single Laptop

A German hacker group released a hacking tool that by making use of a flaw in SSL Renegotiation can easily take down a website with minimal resources.

The group known as The Hacker's Choice (THC) released a proof of concept that will further force vendors to patch up the issues that revolve around the use of SSL.


“We decided to make the official release after realizing that this tool leaked to the public a couple of months ago,” revealed a member of THC.

Unlike the traditional DDoS which requires a large number of bots, the new TCH SSL DOS utility needs only a handful of bots to take down a website and a single laptop to quickly exhaust the resources of a server.

“We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century,” said one of the group's members.

More at :-
http://news.softpedia.com/news/THC-SSL-DOS-Tool-ca...

--
Was this reply relevant?
+0
-0
mogs CClip 127
Expert Contributor 25th Oct, 2011 19:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK


Chrome Stable Release
Tuesday, October 25, 2011 | 09:04
Labels: Stable updates

The Google Chrome team is happy to announce the arrival of Chrome 15.0.874.102 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 15 contains some really great improvements including a new New Tab page.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$500] [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel.
[88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel.
[90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak.
[91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.
[94487] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz.
[95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa.
[95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company.
[$12174] [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov.
[96292] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno).
[$1000] [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
[97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community.
[$6337] [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz.
[$2000] [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
[$1500] [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov.
[$1000] [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz.
[$2000] [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
[99553] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community.
[100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean.
The bugs [94487], [96292], [96902], [97599], [98064], [98556], [99294], [100059], [99138] and [99211] were detected using AddressSanitizer.

Although Chrome is not directly affected by the attack, the NSS network library was updated to include a defense against so-called BEAST. This defense may expose bugs in Brocade hardware. Brocade is working on the issue. The lighttpd project fixed a compatibility issue at version 1.4.27 and newer.

In addition, we would like to thank S&#322;awomir B&#322;a&#380;ek and Aki Helin of OUSPG for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.


Karen Grunberg
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 128
Expert Contributor 25th Oct, 2011 20:39
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Mitsubishi Cyberattack Leaks Nuclear Power Plant Data

The recent Mitsubishi attack was highly analyzed by the media and by specialists, but now it turns out that the damage is far more severe than originally estimated. Information on fighter jets, submarines, nuke plants and even missile systems might have been leaked as a result of the hit.


The Asahi Shimbun informs us that recent inquiries revealed that tons of information was transmitted from the company's computers to someone from outside.

More at :-
http://news.softpedia.com/news/Mitsubishi-Cyberatt...

--
Was this reply relevant?
+0
-0
mogs CClip 129
Expert Contributor 25th Oct, 2011 20:46
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Spammers using public URL shortening service to evade detection
by Phil Muncaster

Spammers have built their own public URL shortening services to embed short links into unsolicited messages in the latest attempt to bypass traditional security defences, according to this month's Symantec Intelligence Report (PDF).
October's report found that the global ratio of spam in email traffic actually fell by 0.6 per cent to 74.2 per cent. However, the use of free, open source URL shortening scripts to conceal links to spam sites in emails could increase success rates, the security firm said.

Symantec first revealed that spammers were using what appeared to be their own URL shortening services back in May, although in effect these were a "poor man's version" of such services, according to Symantec senior intelligence analyst Paul Wood.
The ones uncovered in this month's report are more akin to legitimate versions of these services. At least 87 shortened URLs have been spotted so far, all with the same naming pattern and .info domain.

More at -
http://www.v3.co.uk/v3-uk/news/2119946/spammers-pu...

--
Was this reply relevant?
+0
-0
mogs CC130
Expert Contributor 28th Oct, 2011 03:12
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
SOFTWARE FIRM Microsoft has announced that the Firefox web browser is now available with its Bing search engine.
The firm revealed in a blog post that it had been working hard with apparent rival Mozilla to add the Bing search option to the web browser that is nipping at its market share.
"You have told us to make it even easier to use Bing in Firefox," said Tor Steiner of the Bing team.
"Today we're teaming with Mozilla to release Firefox with Bing, a version of the popular Web browser that includes default search settings for Bing. Now Firefox users who are Bing enthusiasts can use Firefox with Bing to use the Web the way they want without having to take extra steps to navigate or customize their settings to Bing."
So some users might like the fact that Bing can be set as a homepage in Firefox and can be installed as the default setting in the Firefox search bar.
Bing Search for Firefox is offered as a browser add-on.


http://www.theinquirer.net/inquirer/news/2120396/m...

--
Was this reply relevant?
+0
-0
mogs CClip 131
Expert Contributor 28th Oct, 2011 03:19
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
DHL Express Notification Serves Trojan

A spam message that seems to be a notification from DHL, the popular logistics group, alerts users on the existence of an alleged shipment that may try to reach the recipient of the email.

MX Lab discovered the malicious campaign that spreads containing subjects such as “DHL Express Notification for shipment for 26 Oct 2011” or “Notification for shipment for 26 Oct 2011.”


To make the whole thing more cleaver, the date in the subject most likely changes and the alert seems to be coming from a genuine looking spoofed address that reads something like “DHL Express International Support <parcel.support@dhl.com>”.

The body of the message urges the unsuspecting victim to follow a link or open an attachment:

Read more at :-
http://news.softpedia.com/news/DHL-Express-Notific...

--
Was this reply relevant?
+0
-0
mogs CClip 132
Expert Contributor 28th Oct, 2011 03:23
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome 15 Fixes HTTPS Login Issue While Mozilla rolled out the “Bing”-ed version of Firefox, Chrome Stable gets a minor update, a day after the major version increased to 15. The reason for the update is a fix for some login issues.

The latest stable release, Chrome 15.0.874.106, deals with a form-based authentication bug that would not permit subscribers to log into barrons.com. The bug had been spotted in Chrome Dev 16.0.912.4 and the operations for fixing the problem had started a while ago.

One way to tackle this issues would have been disabling 1/n-1 SSL record splitting in Chrome, but the ideal way to get rid of it was to help the affected websites fix their code and also apply a patch to their browsing client, which is exactly what happened.

At the moment the bug has been eliminated in the Stable release of the web browser.

http://news.softpedia.com/news/Chrome-15-Fixes-HTT...

--
Was this reply relevant?
+0
-0
mogs CClip 133
Expert Contributor 28th Oct, 2011 03:27
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Flash Player 11.2 Beta Three weeks after Adobe Flash Player 11 rolled out, the company releases the first beta for their cross-platform, browser-based application. The release is available for Windows, Mac and Linux.

Flash Player 11.2.202.18 brings to the table fully multi-threaded video decoding, which should improve overall performance as the processes (decoding and rendering) are offloaded to hardware. Among the benefits we count an increase in frame rate, jitter elimination during encoding and live streaming as well as seek fram accuracy.

The second modification available in this version is for Windows platform only, and tackles the updating mechanism, which is now able to perform its duty in the background, silently. The option is available at the end of the installation procedure.

Besides the comfort of automatic updating, this feature is also security related, as it ensures that users run the latest version of the player, making them less vulnerable to attacks.

Check out the full release notes on this page.

http://news.softpedia.com/news/Flash-Player-11-2-B...

--
Was this reply relevant?
+0
-0
mogs CClip 134
Expert Contributor 28th Oct, 2011 10:22
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Bankers Warn of Rise in Phishing Campaigns The American Bankers Association (ABA) issued a bulletin in which they warn customers on the fact that phishing expeditions that rely on the names and reputations of financial institutions are recording a sudden increase.

All bank clients are advised to be on alert for any suspicious request that seems to be coming from the repository they trust with their savings.


Reports reveal that cybercriminals are using automated dialers, text messages and emails to trick consumers into believing their accounts were closed due to fraud.

In most cases, victims are required to supply credit card information, which includes the CV code and the expiration date, all of which can be later utilized to perform illegal transactions without the customer's notice.

“Those who respond to these inquires run the potential risk of having their information used to fraudulently purchase goods and services or to obtain credit,” reveals the report.

More at :-
http://news.softpedia.com/news/Bankers-Warn-of-Ris...

--
Was this reply relevant?
+0
-0
mogs CClip 135
Expert Contributor 28th Oct, 2011 13:54
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

October 28th, 2011, 11:21 GMT · By Marius Oiaga
Fix 2 Incorrect x86 Registry Entries in x64 Windows 7 SP1

An update is available for download from Microsoft, designed to resolve two incorrect 32-bit registry entries in the 64-bit flavor of Windows 7.

According to information provided by the Redmond company, both Windows 7 RTM and Windows 7 Service Pack 1 (SP1) are affected by the problem.


At the same time, the software giant pointed out that customers with Windows Server 2008 R2 RTM and Windows Server 2008 R2 SP1 can also experience issues because of the two faulty registry keys.

Here are the two x86 registry entries with incorrect values under x64 Windows 7 and Windows Server 2008 R2:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows NT\currentversion\RegisteredOrganization

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows NT\currentversion\RegisteredOwner

The Redmond company stresses that the values of the 64-bit versions of the registry entries mentioned above are perfectly correct.

Customers might find it very hard to actually tell that the values of the two x86 registry keys don’t match those of the x64 versions on their own.

Microsoft described a symptom that users can come across, related to the license of x86 programs installed on their computers. “This issue may cause 32-bit applications on the computer to display incorrect license information,” the company explained.

As I already said, the company is already distributing an update designed to resolve this glitch. Customers can also download the refresh and manually install in on their machines, making sure to fend off any potential problems.

“After you install this update, the values of the 32-bit versions of the two registry entries are updated to match the values of the following 64-bit versions:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\currentversion\RegisteredOrganization

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\currentversion\RegisteredOwner,” Microsoft said.

The software giant also issued a warning to original equipment manufacturers building new machines preinstalled with Windows 7 or Windows Server 2008 R2 not to include KB 2603229.

“Do not slipstream this update into preconfigured operating system images. You must run this update only after the operating system is installed and the Out-of-Box Experience (OOBE) is finished,” the company said.

Here are the download links for the update:

All supported x64-based versions of Windows 7

All supported x64-based versions of Windows Server 2008 R2

All supported IA-64-based versions of Windows Server 2008 R2

http://news.softpedia.com/news/Fix-2-Incorrect-x86...

--
Was this reply relevant?
+0
-0
mogs CClip 136
Expert Contributor 28th Oct, 2011 18:17
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome Updates

Beta Channel Update for Chromebooks

Friday, October 28, 2011 | 08:29
Labels: Beta updates, Chrome OS
The Beta Channel has been updated to 15.0.874.116 (Platform version: 1011.107) for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48)

Release highlights:
A number of functionality and stability fixes
Flash updated to 11.0.31.110
Web UI login connectivity and authentication fixes
3G Activation fixes
Known issues:
Two finger scroll may brake after AU (Issue: 20511) - Work around: Power cycle device
When logging out from Guest with Accessibility on, the system hangs (Issue: 22133)

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue’ under the wrench menu.

Josafat Garcia
Google Chrome
0 comments | Links to this post | Email Post

Dev Channel Update
Thursday, October 27, 2011 | 16:09
Labels: Dev updates

The Dev channel has been updated to 16.0.912.15 for Windows, Mac, Linux, and Chrome Frame. This release contains fixes for stability. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 137
Expert Contributor 28th Oct, 2011 21:42
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Number of fake antivirus attacks has decreased considerably, researchers say
New versions of scareware are still coming out, but distribution is not as aggressive anymore

By Lucian Constantin | IDG News Service

The frequency of attacks that distribute fake antivirus software, a long-time pillar of the underground economy, has decreased considerably in recent months. However, security researchers warn that the industry is not yet dead and new versions of attacks continue to be released.

According to a new report from antivirus vendor Kaspersky Lab, the rate of fake antivirus attacks in June was somewhere between 50,000 and 60,000 per day, but their frequency has dropped to under 10,000 a day.

More at :-
http://www.infoworld.com/d/security/number-fake-an...

--
Was this reply relevant?
+0
-0
mogs CClip 138
Expert Contributor 28th Oct, 2011 21:49
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Video of Emma Watson Nude Links to Malware

The linked malware is currently detected by only 17 percent of anti-virus solutions.

Zscaler researchers are warning of a link to a video claiming to show actress Emma Watson naked, which instead leads to malware.

"But unfortunately for all those who fell for the lure, a click on the Play button or any other link does not start the (nonexistent) video," writes Help Net Security's Zeljka Zorz. "Instead, the target is asked to update its Adobe Flash Player in order to be able to view it."

"And the offered file (scandsk.exe) - actually a Trojan dropper - is currently detected by only 17 percent of the AV solutions employed by VirusTotal," Zorz writes.

Go to "Naked Emma Watson video leads to malware" to read the details.

http://www.esecurityplanet.com/malware/video-of-em...

--
Was this reply relevant?
+0
-0
mogs CClip 139
Expert Contributor 28th Oct, 2011 21:57
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Apple fixes security flaws in Windows version of QuickTime
by Shaun Nichols
28 Oct 2011

Apple is advising Windows users to update their systems following the release of a patch for the QuickTime media player tool.
The company said in a security advisory that QuickTime 7.7.1 addresses 12 vulnerabilities in the Windows version of the platform, but does not affect Mac OS X users.
Ten of the flaws could be targeted by way of a maliciously crafted PICT or FlashPix movie file to cause an application crash and allow remote code execution.
The update also fixes a cross-site scripting flaw which could allow an attacker to insert code into an HTML file, and a vulnerability which could allow an attacker to view a user's memory contents by way of malformed movie file.
Apple urged Windows users to install the 7.7.1 update, which can be obtained through the Apple Software Update utility or manually downloaded from the Apple support site. The update supports Windows versions from XP to Windows 7.

http://www.v3.co.uk/v3-uk/news/2120703/apple-fixes...

--
Was this reply relevant?
+0
-0
mogs CClip 140
Expert Contributor 29th Oct, 2011 11:45
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hacker Demos Lethal Attack on Insulin Pumps

Barnaby Jack demonstrated how an implantable insulin pump could be hacked to release a fatal dose of insulin.

At the Hacker Halted conference in Miami, McAfee security researcher Barnaby Jack recently demonstrated an attack that could be used to deliver a lethal dose of insulin to a diabetic.

"In it, he used a modified antenna and software to wirelessly attack and take control of implantable insulin pumps from the firm Medtronic," writes Threatpost's Paul Roberts. "Jack demonstrated how such a pump could be commanded to release a fatal dose of insulin to a diabetic who relied on the pump."

"Jack points out that the Medtronic devices do not use encryption to protect wireless communications between the implanted device and the management software," Roberts writes.

Go to "Blind Attack on Wireless Insulin Pumps Could Deliver Lethal Dose" to read the details.

http://www.esecurityplanet.com/hackers/hacker-demo...

--
Was this reply relevant?
+0
-0
mogs CClip 141
Expert Contributor 29th Oct, 2011 12:03
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

October 29th, 2011, 08:19 GMT · By Eduard Kovacs
Dancing Halloween Skeletons Hide Malware

GFI Software released a list of tips and Halloween malware spotting techniques to make sure unsuspecting internauts don't fall for any colorful scams.

Halloween malware doesn't come only as fake online stores that offer fabulous discounts but also as other nasty stuff that will use any means available to make sure our computers are infected.


“Major holidays always present a big challenge for the public and security software companies, but Halloween has become a particular flashpoint in the calendar. The combination of things that people will search for online at this time of year presents multiple opportunities for scammers to try to compromise personal data and corrupt computers,” revealed Jovi Umawing, communications and research analyst at GFI Software.

“It is paramount that people are vigilant and approach anything with a Halloween theme with caution, so that genuine emails and websites can be enjoyed, and the tricks, don’t undermine the online treats.”

More at
http://news.softpedia.com/news/Dancing-Halloween-S...

--
Was this reply relevant?
+0
-0
mogs CClip 142
Expert Contributor 29th Oct, 2011 12:08
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

IE9 Runner-up to IE8 as Top Browsers on Windows 7 Worldwide

It was only a matter of time, after all, but according to Microsoft estimates, Internet Explorer 9 could move into the runner-up position to its predecessor IE8 as the top browsers on Windows 7 in terms of usage share.

Roger Capriotti, director, Internet Explorer Marketing reveals that the number of Windows 7 users relying on IE9 will get closer to those running IE8 as early as November 2011.


Capriotti is basing the conclusion on the evolution of browser usage according to statistics from NetMarketshare.

“It’s looking to be a good Halloween for developers. Windows 7 share continues to climb, and as early as next month, IE9 on Windows 7 could be the leading modern browser behind IE8,” Capriotti explained.

More at :-
http://news.softpedia.com/news/IE9-to-Dethrone-IE8...

--
Was this reply relevant?
+0
-0
mogs CClip 143
Expert Contributor 30th Oct, 2011 09:24
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google Chrome 17 Finally Has a Fully Working Multiple-Profile Feature
Google has been working on adding multiple profile support to Google Chrome for quite some time now. The first signs landed in Google Chrome 13, but even now, in the latest Google Chrome 15, it doesn't work perfectly, on all platforms.

But it looks like Google has finally cracked it with Google Chrome 17, technically Chromium 17 for now, multiple profiles work as they should, the integration with Google Accounts also works so the feature is finally usable.

Google has been tweaking the look and feel of the multi-profile menu as well, not to mention replacing the default avatars several times.

But it looks like it finally has a working combination, so you can finally have two different Chrome windows with completely different user profiles.

This comes in handy in a lot of situations, from running a logged-out Google Search, to keeping a different set of extensions for different tasks, watching YouTube, writing something on Google Docs, keeping up with friends in Facebook and so on.

http://news.softpedia.com/news/Google-Chrome-16-Fi...

--
Was this reply relevant?
+0
-0
mogs CClip 144
Expert Contributor 30th Oct, 2011 14:11
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 30th Oct, 2011 14:12
US firm confirms web censoring tools used in Syria A US firm specializing in Internet censoring equipment on Friday confirmed that Syria was using its products to block web activity, amid a brutal crackdown on anti-regime protests.
Northern California-based Blue Coat Systems told AFP that Internet filtering equipment sold to Iraq's communications ministry has mysteriously been put to use in Syria but insisted it did not know how the equipment changed hands.
The United States bars selling any such equipment to Syria.
"The evidence points to it being in Syria," a Blue Coat official said, referring to analysis of data logs and computer address numbers from Syria's Internet posted by 'hactivists.'
"Since we didn't sell it there, we don't know the particulars," said the official, who asked not to be named due to the sensitivity of the matter.
The official said that it appears that at least 13 of the 14 Web censoring "appliances" shipped to Iraq -- which combine computer hardware and software -- are being used in Syria.

More at :-
http://www.physorg.com/news/2011-10-firm-web-censo...

--
Was this reply relevant?
+0
-0
mogs CClip 145
Expert Contributor 30th Oct, 2011 14:17
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
China-based servers in Japan cyber attacks: report A virus that infected computers at Japanese overseas diplomatic missions had been designed to send data to servers in China, a report said Friday.
The virus -- Backdoor Agent MOF -- has been found to have infected computers at around 10 embassies and consulates, and at least two of the servers designated as the recipients of stolen information were in China, the Yomiuri Shimbun said.
The virus is capable of transmitting user IDs and other information to terminals outside and operating software by bypassing authorised users, the daily said.
The domain of the servers was the same as that used for earlier cyber attacks on Google and tens of other companies, the Yomiuri said, quoting unnamed sources.
A "backdoor" virus opens a route into a computer's system to allow access by a remote hacker, who could use it to steal data.

More at :-
http://www.physorg.com/news/2011-10-china-based-se...

--
Was this reply relevant?
+0
-0
mogs CClip 146
Expert Contributor 31st Oct, 2011 19:32
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
GCHQ chief reports 'disturbing' cyber-attacks on UK
COMMENTS (326)

The UK says cyber crime is as serious a threat as international terrorism
Cyber attacks on the UK are at "disturbing" levels, according to the director of Britain's biggest intelligence agency.

Government computers, along with defence, technology and engineering firms' designs have been targeted, Iain Lobban, the head of GCHQ, has said.

China and Russia are thought to be among the worst culprits involved in cyber attacks.

On Tuesday, the government hosts a two-day conference on the issue.

More at :-
http://www.bbc.co.uk/news/uk-15516959

--
Was this reply relevant?
+0
-0
mogs CClip 147
Expert Contributor 31st Oct, 2011 19:36
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Legitimate Apple Emails Replicated in Phishing Campaign

A phishing campaign which involves the reputation of Apple has been seen invading inboxes. The rogue message perfectly replicates alerts received by customers when the company notifies them on changes of their accounts.

A Trend Micro researcher came across a message that looked very much like the genuine message he had received not long ago from the Cupertino

firm.

The fake email seems to come from “do_not_reply@itunes.com” and is sent via smtp.com. Coming with the subject “Account Info Change,” it perfectly replicates most visual aspects of the real deal.

More at :-
http://news.softpedia.com/news/Legitimate-Apple-Em...

--
Was this reply relevant?
+0
-0
mogs CClip148
Expert Contributor 31st Oct, 2011 19:42
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Old image resize script leaves 1 million Web pages compromised
Timthumb can still be attacked when found in unused WordPress themes

By Lucian Constantin

IDG News Service - A serious code injection vulnerability affecting timthumb, a popular image resize script used in many WordPress themes and plugins, has been exploited in recent months to compromise more than 1 million Web pages.

Estimating the impact is not an easy task, according to website integrity monitoring vendor Sucuri Security, which monitored the fallout of this flaw since it was first announced at the beginning of August.

More at :-
http://www.computerworld.com/s/article/9221328/Old...

--
Was this reply relevant?
+0
-0
mogs CClip 149
Expert Contributor 31st Oct, 2011 19:50
Score: 2265
Posts: 6,268
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 1st Nov, 2011 20:29
Facebook Getting Hammered With Up To 600,000 Hack Attempts a Day

Written by
Ravi Mandalia

Social media giant Facebook claimed that it usually blocks anywhere between 250,000 to 600,000 daily hack attempts, targeted to jeopardise the security of its users.

According to the company, everyday the site witness near about 1 billion or more logins, of which, approximately 0.06 percent are compromised.



Read more: http://www.itproportal.com/2011/10/31/facebook-get...

This thread is now closed.........
Please see November's CYBERCLIPS at ;-

http://secunia.com/community/forum/thread/show/116...

--
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+