Forum Thread: Daily CYBERCLIPS November

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS November
Member 1st Nov, 2011 20:25
Ranking:
Posts: 6,279
User Since: 22nd Apr, 2009
System Score: N/A
Location: UK

Fourteenth Edition.
Thank you for the support thro' the last month. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security remains the main theme of the thread with some related and varied topics.
Scroll down for the latest posts !!
Please note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals.
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Member 1st Nov, 2011 20:33

British households download about 17 gigabytes of data on average every month over their home broadband connections, suggests a report.

Regulator Ofcom's study takes a high level look at the state of the UK's digital communications.

The monthly data diet is equivalent to streaming 11 movies or 12 hours of BBC programmes via iPlayer.

The report reveals which regions are rich in broadband, mobile and digital radio coverage and which lag behind.

As part of the research, Ofcom has produced maps which grade each county or conurbation on how well they support different technologies.

Read more at :-
http://www.bbc.co.uk/news/technology-15542558

--
mogs CClip 2
Member 1st Nov, 2011 20:37
Researchers defeat CAPTCHA on popular websites
New tool is capable of solving CAPTCHA tests on Wikipedia, eBay, CNN and others

By Lucian Constantin
November 1, 2011 11:47 AM ET
IDG News Service - Researchers from Stanford University have developed an automated tool that is capable of deciphering text-based anti-spam tests used by many popular websites with a significant degree of accuracy.

Researchers Elie Bursztein, Matthieu Martin and John C. Mitchell presented the results of their year-and-a-half long CAPTCHA study at the recent ACM Conference On Computer and Communication Security in Chicago.

CAPTCHA stands for 'Completely Automated Public Turing test to tell Computers and Humans Apart' and consists of challenges that only humans are supposed to be capable of solving. Websites use such tests in order to block spam bots that automate tasks like account registration and comment posting.

More at :-
http://www.computerworld.com/s/article/9221364/Res...

--
mogs CClip 3
Member 1st Nov, 2011 20:40
Is Your Free AV a System Hog?

Antivirus software is a necessity these days but some solutions are a bigger drain on system resources than others. See how AVG, Microsoft, Avast and Comodo compare.

By Eric Geier | November 01,

The effectiveness of malware detection, how well it catches infections, is the chief characteristic to consider when choosing an antivirus program. But resource consumption, how much system resources it uses, is also important. This is especially true on older machines where heavy duty usage by your AV software can bog down the system and make it crawl when running scans.

In a previous article, A Guide to Free Antivirus Software, I reviewed four different free antivirus programs from Avast, Comodo, AVG, and Microsoft. I looked at the security features of each. Now, I am reviewing the resource consumption of the same four programs.

Read more at :-
http://www.esecurityplanet.com/malware/is-your-fre...

--
mogs CClip 4
Member 1st Nov, 2011 20:43
Serendipity 1.6 Patches Security Flaw

The update addresses an XSS vulnerability.

October 31,
Version 1.6 of the open source Serendipity blogging software was recently released, addressing a cross-site scripting (XSS) vulnerability.

"All users are advised to backup their database before upgrading to the new version," The H Security reports.

"Further details about the release can be found in a post on the Serendipity blog," the article states. "Serendipity 1.6 is available to download from the project's site."

Go to "Serendipity 1.6 integrates jQuery and updates plug-ins" to read the details.

http://www.esecurityplanet.com/open-source-securit...

--
mogs CClip 5
Member 1st Nov, 2011 20:48


--
mogs CClip 6
Member 1st Nov, 2011 20:51
Finally Windows 7 overtakes Windows XP use

Upstart takes out ten year incumbent
By Dave Neal
Tue Nov 01 2011, 12:46
REDMOND SOFTWARE firm Microsoft has finally seen use of its Windows 7 operating system (OS) overtake that of its ten year old brother, Windows XP.
Web analytics firm Statcounter revealed the change in usage and explained that globally Windows 7 has a 40.5 per cent market share, Windows XP has 38.5 per cent, and Windows Vista has 11.2 per cent.
"Vista was like the ugly sister that few wanted to dance with," said Aodhan Cullen, CEO, Statcounter, as he announced the changes.
"Despite Microsoft trying to keep it back in the kitchen, [Windows] XP has retained tremendous loyalty over the last decade. However, it looks like the younger Windows 7 is now emerging in the Cinderella role."

More at :-
http://www.theinquirer.net/inquirer/news/2121606/f...

--
mogs CClip 7
Member 1st Nov, 2011 20:55


--
mogs CClip 8
Member 1st Nov, 2011 22:18
Last edited on 1st Nov, 2011 22:19


--
mogs CClip 9
Member 2nd Nov, 2011 07:35
Chrome Dev Channel Update
Tuesday, November 1, 2011 | 16:01
Labels: Dev updates
The Dev channel has been updated to 16.0.912.21 for Windows, Mac, Linux, and Chrome Frame. This release contains stability fixes. Full details about what changes are in this build are available in the SVN revision log. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.


Dharani Govindan
Google Chrome

--
mogs CClip 10
Member 2nd Nov, 2011 10:36
'Nitro' hackers use stock malware to steal chemical, defense secrets
Symantec traces one command-and-control server to China

By Gregg Keizer | Computerworld

Attackers used an off-the-shelf Trojan horse to sniff out secrets from nearly 50 companies, many of them in the chemical and defense industries, Symantec researchers said today.

The attack campaign -- which Symantec tagged as "Nitro" -- started no later than last July and continued until mid-September, targeting an unknown number of companies and infecting at least 48 firms with the "Poison Ivy" RAT (remote-access Trojan).

Poison Ivy, which was created by a Chinese hacker, is widely available on the Internet, including from a dedicated website.

The malware has been implicated in numerous attacks, including the March campaign that hacked the network of RSA Security and swiped information about that company's SecurID authentication token technology.

In a paper published today (download PDF), Symantec researchers spelled out their analysis of the Nitro attacks and the use of Poison Ivy.

Read more at :-
http://www.infoworld.com/d/security/nitro-hackers-...

--
mogs CClip 11
Member 2nd Nov, 2011 10:40
Study: User tools to limit ad tracking are clunky
Carnegie Mellon University researchers found "serious usability flaws" in several popular privacy tools

By Juan Carlos Perez

IDG News Service - People who want to limit the behavioral advertising and tracking they are subjected to on the Web aren't well served by some popular privacy tools, according to a Carnegie Mellon University study.

Researchers concluded that the tools evaluated in the study, which included IE and Firefox components, were generally too complicated and confusing, leading people to misuse them.

"We found serious usability flaws in all nine tools we examined," reads the 38-page report, released on Monday.

The nine tools fall into three main categories: tools that block access to advertising websites; tools that create cookies that indicate users want to opt out of behavioral advertising; and privacy tools built into web browsers.

The researchers enlisted 45 people to try out the tools. The participants weren't technical experts, nor were they knowledgeable about privacy tools, but did have an interest in this type of tools.

Read more at :-
http://www.computerworld.com/s/article/9221379/Stu...

--
mogs CClip 12
Member 2nd Nov, 2011 10:50
The New Gmail Is Here with a New Look, Streamlined Conversations, Better Search

Google is ready to unveil the redesigned Gmail. It's been working on it for months and the brand new design is finally ready to roll out. The changes go beyond skin deep, there's a revamped search box, a new conversation view and other improvements.

Google unveiled a preview of what the new Gmail could look like last summer, in order to get real-world feedback on some of the changes. Unfortunately, it doesn't seem that if you were using the preview theme you'll get the new look before everyone else.


In fact, the notification about the new design will start popping up over the next few days.

The design is completely changed, of course, that's the first thing you'll notice, but it's in tune with the rest of Google, there shouldn't be anything too surprising here.

More at :-
http://news.softpedia.com/news/The-New-Gmail-Is-He...

--
mogs CClip 13
Member 2nd Nov, 2011 10:58
Malware writers and cyber criminals are increasingly moving into specialised fields of attack and exploitation, according to security firm IID.
The company said in its quarterly threat report that researchers have noted a trend towards specialisation in the malware space, with many criminals focusing on one specific area of expertise to trade on the black market.

IID chief executive Lars Harvey told V3 that malware writers are not only focusing on specific areas of attack, but are also commoditising exploited machines on a more granular level.
Rather than sell off large quantities of infected systems for botnet activity, Harvey said attackers have begun selling access to individual high-value targets such as systems with access to government or large-enterprise networks.
Additionally, the malware samples spotted in the wild are developing sophisticated, highly-specialised practices. Harvey noted infections such as Avalanche, which use a technique called fast flux to rapidly cycle infected domains through multiple DNS addresses and avoid detection.
"They are experienced, they are focused and that makes it hard for the defenders," Harvey explained.
"They are specialists, and at best we are generalists."

Read more at :-
http://www.v3.co.uk/v3-uk/news/2121809/iid-malware...

--
mogs CClip 14
Member 2nd Nov, 2011 16:07

Secunia offers to coordinate vulnerability disclosure on behalf of researchers
New vulnerability coordination program aims to reward security researchers and make their job easier

By Lucian Constantin | IDG News Service

Danish vulnerability management company Secunia aims to make the task of reporting software vulnerabilities easier for security researchers by offering to coordinate disclosure with vendors on their behalf.

The Secunia Vulnerability Coordination Reward Programme (SVCRP) is the latest addition to a list of offerings like TippingPoint's Zero Day Initiative or Verisign's iDefense Labs Vulnerability Contributor Program, which allow researchers to avoid the hassle of dealing with different vendor bug reporting policies.

However, according to Carsten Eiram, Secunia's chief security specialist, SVCRP doesn't aim to be an alternative to these programs, but to complement them.

"Other major vulnerability coordination offerings exist but most have a business model wrapped around them," Eiram said.

"Most other schemes pay researchers for their discoveries, and, while these offerings are excellent for researchers, the companies are, naturally, very selective in which vulnerabilities they wish to purchase and coordinate," he said.

Secunia plans to fill the void left by other programs by accepting the vulnerabilities they reject, regardless of their classification and as long as they are in off-the-shelf products. Flaws discovered in online services such as Facebook, for example, do not qualify.

The company won't profit directly from SVCRP and doesn't plan to provide advance notification about the reported flaws to its customers, as other companies do. "All customers, as well as the community at large, will receive the information simultaneously when the Secunia advisory is published," the firm said.

Read more at :-
http://www.infoworld.com/d/security/secunia-offers...

--
mogs CClip 15
Member 2nd Nov, 2011 16:13


--
mogs CClip 16
Member 2nd Nov, 2011 16:16


--
mogs CClip 17
Member 2nd Nov, 2011 16:20


--
mogs CClip 18
Member 2nd Nov, 2011 18:30
Following on from CClip 15 ************
How to find out if your email address has been compromised

An enterprising group of security researchers has created a massive list of 'pwned' email addresses and user names. Take a minute to see if you're on it
By Woody Leonhard | InfoWorld

Ever had a sneaky suspicion that somebody, somewhere has cracked your email account?

A handful of researchers at well-known security firm HP/TippingPoint DVLabs spend their spare time looking for publicly posted lists of cracked email addresses. They've also written programs that comb repositories of dumped stolen data, including Pastebin. Their collection has grown to 5,000,000 known compromised accounts, and it's growing daily.

If you're curious to see if your email address or username has appeared on any of those clandestine lists, drop by PwnedList and see if your email address has appeared on any of the lists DVLabs has accumulated.

While the list is far from complete -- I verified that several known "pwned" email addresses aren't on the list -- it's sobering and well worth your time to check. It's free, and it only takes a second (if the server hasn't melted down).

More at :-
http://www.infoworld.com/t/hacking/how-find-out-if...

--
mogs CClip 19
Member 3rd Nov, 2011 19:46
Chrome Beta Channel Update
Thursday, November 3, 2011 | 08:00
Labels: Beta updates
The Beta channel has been updated to 16.0.912.21 for Windows, Mac, Linux, and Chrome Frame.

For an overview of key features in this release check out the Google Chrome Blog. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

--
mogs CClip 20
Member 3rd Nov, 2011 19:54


--
mogs CClip 21
Member 3rd Nov, 2011 20:02
IID Reports Rise in Internet Malware, Phishing Group Avalanche Resurfaces

Written by
Ravi Mandalia


Website security services provider Internet Identity (IID) has released its quarterly security report in which it claims that internet malware is rising unchecked.

According to the Third Quarter eCrime Report released by the company, the number of malware infested websites has increased by 89 percent during the third quarter of 2011 from the second quarter of the same year.

In its research, the company found that FDIC, U.S. Federal Reserve, IRS and NACHA (National Automated Clearing House Association) are the most impersonated organisations on the web.

The company claimed that the rise in the number of malware may be attributed to the Avalanche phishing group resuming their nefarious activities. This is the same group that was responsible for around two-thirds of all the phishing attacks that took place in the second half of 2009.



Read more: http://www.itproportal.com/2011/11/02/iid-reports-...

--
mogs CClip 22
Member 3rd Nov, 2011 20:13
Panda Report: 5 Million New Malware Samples in Q3

Panda Labs issued their third quarter report in which they highlight the increase of malware, the activity of the infamous Anonymous hacktivists and other interesting security related issues.

The paper shows that while they keep making headlines, Anonymous suffered a blow with 15 alleged members of the organization being apprehended in Italy. Their activity in the US is also outlined, the hacking of a US Department of Defense contractor and the leaking of NATO documents being the most significant attacks that took place since July.

Cybercrime in general also took a blow as some crooks responsible for million dollar operations were put behind bars. On the downside, events like the death of Amy Winehouse gave tricksters new ideas for social engineering plots.

The figures in the report reveal that most of the new malware samples detected by their researchers were actually Trojans (76%), followed by Viruses (12%) and Worms (6%). More specifically, Generic Trojans were identified as being the most common, the next positions being occupied by CI.A Trojans and Generic Malware.

The countries that suffered the most from malware infections turn out to be China, Taiwan, Turkey, Russia and Poland. The least affected were Switzerland, the UK and Sweden.

More at :-
http://news.softpedia.com/news/Panda-Report-5-Mill...

--
mogs CClip 23
Member 3rd Nov, 2011 20:26
Download Google Chrome 16 with Multiple-Profile Support

Finally! Google Chrome Beta has moved to version 16, bringing support for multiple profiles. And it only took them a few days to slide the feature from Dev into Beta.

What this means is that you can have all the personal stuff synchronized in any Google Chrome you use.

This is done by signing into the browser with your Google Account as a new user, and the sync service will automatically kick in and deliver your bookmarks, settings, apps, omnibox history and extensions.

Mind that multiple profiles feature aims at offering your own personalized Chrome environment and is by no means intended to keep your data safe.

Anyone accessing your profile will be able to check your history links, installed apps and extensions; so disconnecting your Google Account will not sign you out of an app or lock access to the browsing traces in your profile.



http://news.softpedia.com/news/Download-Google-Chr...


--
mogs CClip 24
Member 4th Nov, 2011 07:41


--
mogs CClip 25
Member 4th Nov, 2011 07:46


--
mogs CClip 26
Member 5th Nov, 2011 00:09

Microsoft releases manual fix for Duqu zero-day
By Julie Bort

Network World - Microsoft has released a Fix-it tool to allow Windows users to manually patch their systems to thwart the Duqu Trojan: Microsoft Security Advisory (2639658).

Duqu, or "son of Stuxnet" as some call it, is worrisome because it installs a keystroke logger and then can replicate itself, even across secure networks, using the passwords obtained. It communicates with other servers across the Internet, giving hackers access. The malware will remove itself after 30 days.

In its Security Advisory, Microsoft confirmed that it is seeing attacks in the wild, but downplayed the impact. The Advisory said, "Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware."

Nevertheless, Microsoft did release a "Fix-it" tool that allows IT professionals to manually disable the code with the hole in their systems. It does have some drawbacks in that, "Applications that rely on embedded font technology will fail to display properly," Microsoft warns. Additionally, IT professionals can also manually perform the fix by entering in a series of commands at an administrative prompt. The Fix-It is for all versions of Windows. Here is a link to it. The manual commands are available via Microsoft's Security Advisory, under "Workarounds."

Microsoft is still investigating if it will also release a patch. If so, this patch is not currently scheduled to be part of Tuesday's batch.

More at :-
http://www.computerworld.com/s/article/9221516/Mic...

--
mogs CClip 27
Member 5th Nov, 2011 00:17
A short history of crimeware
Eight major advances in crimeware technology as malware authors strive to circumvent traditional defenses

George Orwell, in his classic vision of the future "Nineteen Eighty-Four," foresaw a totalitarian state filled with devices termed telescreens that were the state's means of monitoring citizens. Today, with our dependence on modern technologies such as PCs and mobile devices, and the widespread availability of crimeware, we've exceeded anything Orwell could ever have imagined. Crimeware is a class of malware that is specifically designed to automate large-scale financial crime. We now carry our own version of Orwell's telescreens with us -- termed mobile devices -- having cameras, microphones, GPS, and containing all our interactions. Instead of Orwell's vision of a totalitarian state monitoring citizens' lives, we now have a limitless number of individual criminals or hostile states from around the globe capable of using crimeware within our technologies to track our every movement, conversation and action.

With the widespread proliferation of crimeware, we virtually broadcast our very lives around the world for criminals, competitors, and enemies to do with what they will. There is no longer any notion of yesteryear's security, let alone the fatigued concepts of privacy or anonymity.

There are few viable options to combat crimeware's success in undermining today's technologies. One proposed approach fights fire with fire, using malware's own techniques in hand-to-hand combat for the ultimate control of processors. This anti-crimeware approach defeats crimeware by disabling its methods of harvesting data from within PCs, but makes no actual inroads into removing crimeware. Intel and McAfee recently proposed scrapping current processor technology and starting again to design new impenetrable processors [PDF link]. One can only imagine the time and cost necessary to replace and update our entire processor infrastructure. In either case, it is important to know how seriously crimeware has undermined our technologies and the radical thinking required to fight crimeware.

Read more at :-
http://www.infoworld.com/d/security/short-history-...

--
mogs CClip 28
Member 5th Nov, 2011 00:22
Customers complain of a widespread outage leaving their funds inaccessible at the start of a weekend.
By Tom Brewster, 4 Nov 2011 at 16:04

HSBC systems, including cashpoints and internet banking, appear to have gone down.

Customers from across the world have complained about being unable to withdraw money or use internet banking.

"Disappointed with #HSBC how can their system be dwn. Haven't been able to buy or take out any money for an hour," said Twitter user MissYummyMama.

"#hsbc bank down, cant log-in to internet banking, can't draw money out & can't use card," said mattwing79.

Our sister title Cloud Pro has been attempting to use both the HSBC phone and internet banking services but could not access either.

The HSBC website is up yet it appears to be impossible to login.

"I'm sorry this service is not available right now," an automated message on the phone service said.

HSBC confirmed it has heard of some issues and is investigating.

More at :-
http://www.itpro.co.uk/637180/hsbc-consumer-bankin...

--
mogs CClip 29
Member 5th Nov, 2011 00:28
Google Chrome 17 Is Here, in the Dev Channel, with Several Improvements

Now that the Google Chrome 16 Beta is out, dev channel users are in for a treat as they've been upgraded to the brand new Google Chrome 17. Of course, the same dev channel users know that this is not much to cheer about, apart perhaps the fact that they'll finally start seeing new features come in, after the pre-beta release lull.

Google Chrome 17.0.928.0 for Windows, Mac and Linux has now been made available. Google Chrome Frame users have also received the same update.

There are several new things in the latest version, compared to the previous Google Chrome 16, the V8 JavaScript engine has been updated to V8 3.6.6.3, a rather symmetrical version number, also known as a palindrome, a word or number which can be read the same in both directions.

There is now a prompt asking users if they are sure they want to cancel downloads started during Incognito Mode, if the last such window is closed. The same happens for any downloads when closing Chrome completely.

http://news.softpedia.com/news/Google-Chrome-17-Is...

Panels are now finally enabled by default, but they can be used only by extensions. Panels are small windows which pop out to house small apps that need to be accessible all the time, but which don't really need their own tab, chat apps, music players and so on.

In fact, the new YouTube app for Google+ could live very well inside a Panel.

Print Preview, which was recently introduced, now supports adjustable margins. Mouse lock permissions settings are now stored per domain.

On Linux, the new Chrome 17 release fixes the multi user selection bubble menu when using a custom theme.

With Google Chrome 15 now in the stable channel, Google Chrome 16 in the beta and Google Chrome 17 finally in the dev channel, development can continue as usual at Chrome for the next six weeks or so, before the version numbers get upgraded again.

--
mogs CClip 30
Member 5th Nov, 2011 20:39


--
mogs CClip 31
Member 5th Nov, 2011 20:44


--
mogs CClip 32
Member 6th Nov, 2011 16:53


--
mogs CClip 33
Member 6th Nov, 2011 17:01
By Eduard Kovacs
Malaysian CA Issues 22 Weak Certificates

After the DigiNotar incident, it's the turn of a Malaysian CA to issue some dangerous certificates which may compromise the websites that utilize them.

According to Sophos, DigiCert Sdn. Bhd, which is unrelated to the US-based DigiCert, released 22 certificates for the Malaysian government, later turning out they were actually problematic.

The incident revealed a bundle of flaws in the certificates issued by the CA, one of the most important ones being the fact that they didn't contain an Extended Key Usage (EKU) which is utilized to inform the browser on what types of rights a digital certificate should have.

Another problem was related to the lack of revocation information, meaning that the certificates cannot be recalled in an unfortunate situation such as this one.

Entrust, the owner of DigiCert Sdn. Bhd, notified the parties involved and released a statement in which they revealed their plans to globally revoke the certificates of the affected company.

"It has been discovered that Digicert Malaysia has issued certificates with weak 512-bit RSA keys and missing certificate extensions. Their certificate issuing practices violated their agreement, their CPS, and accepted CA standards," reads their statement.

"Entrust believes that security companies have a duty to take action when security incidents like this occur. Upon discovery of the issues with Digicert Malaysia certificates, Entrust took immediate steps to address the situation to ensure the security of Entrust customers and all Internet users."

If at first everyone believed that the rogue certificates were not used in any malicious campaigns, it later turned out that two of the authorizations issued by DigiCert Sdn. Bhd were deployed in a spear phishing attack against another Asian CA.

Fortunately, the attack was discovered quickly and the damage caused was reduced to a minimum.

As a result of the hack, Microsoft and Mozilla are working on removing the certificates from their trusted lists. Others will probably soon follow.

http://news.softpedia.com/news/Malaysian-CA-Issues...


--
mogs CClip 34
Member 6th Nov, 2011 17:06
Microsoft Partly to Blame for Spread of Duqu

The TrueType font parsing engine is to blame but Microsoft views the risk as low ... for now.

By Sean Michael Kerner

For the last several weeks, the Duqu virus has been alive in the wild. While there had been some speculation as to how it infects systems, Microsoft has now admitted that a zero day flaw in Windows is partially to blame.

In a security advisory issued late Thursday, Microsoft disclosed a previously un-reported Windows flaw. The flaw attacks the TrueType font parsing engine Win32k component.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," Microsoft warned. "The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

The Duqu malware was first identified on October 19 and has been connected by security researchers to the Stuxnet virus that hit Iran in 2010. F-Secure security researcher Mikko Hypponen recently said that Duqu shares source code with Stuxnet. Hypponen also sees Duqu as being a precursor to a new Stuxnet-type attack where Duqu is the data collection and target enumeration phase.

Duqu is already infecting machines worldwide. According to Symantec, six organizations in eight countries have confirmed Duqu infections. Microsoft noted in its advisory that they are aware of targeted attacks, however overall they see low customer impact at this time.

Microsoft has identified at least one important mitigating factor which may help to reduce risk, as well.

"The vulnerability cannot be exploited automatically through e-mail," Microsoft stated. "For an attack to be successful, a user must open an attachment that is sent in an e-mail message."

More at :-
http://www.esecurityplanet.com/windows-security/mi...

--
mogs CClip 35
Member 7th Nov, 2011 09:07

Adidas websites go offline after hacking cyber-attack

Adidas said it discovered the attack on 3 November
Adidas has taken its website content offline after suffering what it described as a "sophisticated, criminal cyber-attack".

The German sportswear maker said it had no evidence that its consumers' data had been impacted, but that it was taking down the affected sites to protect visitors.

The news follows a series of attacks against Sony earlier in the year.

Millions of users' details were compromised.

A statement from Adidas said that it discovered the incident on 3 November.

The firm said it had since put in place additional data security measures and had started to relaunch its websites.

"Nothing is more important to us than the privacy and security of our consumers' personal data," the statement added.

"We appreciate your understanding and patience during this time".

http://www.bbc.co.uk/news/technology-15614590

--
mogs CClip 36
Member 8th Nov, 2011 11:18
'Hacked server' claims another certificate authority casualty >> ZDNet

"Dutch certificate authority KPN has issued a statement, confirming that it will cease issuing operations after a security breach was discovered. KPN, formerly known as Getronics, which issues SSL-certificates to validate the authenticity of secure websites, will cease issuing certificates after one of its servers had been hacked, thought to be as far back as four years ago. "It's another major blow to the integrity of the web, only a month since Dutch certificate authority Diginotar was hacked, potentially compromising the security of websites belonging to the Dutch government, Google, Facebook and even state intelligence services." Digital certificate authorities have been making Greece look like a stable member of the euro this year.

http://www.guardian.co.uk/technology/blog/2011/nov...

--
mogs CClip 37
Member 8th Nov, 2011 11:24


--
mogs CClip 38
Member 8th Nov, 2011 11:31
The latest Dev channel seems to focus on the Windows platform, as there is only one prominent change that affects all supported operating systems, and that refers to fixing a possible hang caused by GPU usage.

The important changes on the Windows version of the browser include the re-instatement of the Native Client on the 64-bit platform. When fully developed, NaCl will allow software to run sandboxed in the browser.

Additional mending in Chrome 17.0.932.0 refers to a bug that caused the notification for missing plug-in to appear without a proper reason. The plug-in infobar ("An additional plug-in is required to display some elements on this page") would pop up even on websites such as YouTube, without informing which component needs to be installed.

Initial user reports suggested that Skype extension had something to do with the nag screen, as after disabling or uninstalling it the info bar would no longer appear. Luckily, the problem is now solved.

http://news.softpedia.com/news/In-Chrome-17-0-932-...

--
mogs CClip 39
Member 8th Nov, 2011 12:26
Sloppy certificate authorities put on notice
In the wake of GlobalSign, Comodo, and DigiNotar attacks, Microsoft, Mozilla, and Opera revoke untrustworthy certs
By Roger A. Grimes | InfoWorld


Microsoft has taken the unusually bold step of revoking the Windows Root Certificate Program's trust in a specific certification authority (CA), and the same CA is being blacklisted by browser makers Mozilla and Opera. These moves are not a reactionary maneuver to a malicious compromise, as seen with GlobalSign, Comodo, and DigiNotar. Rather, they're the result of the CA, Digicert Sdn Bhd (Digicert Malaysia), having violated several key best practices. The decisions of Microsoft, Mozilla, and Opera -- with more vendors likely to follow -- should send a clear warning that the industry is becoming less tolerant of shoddy digital-certificate security, particularly in light of recent hacks.

In the case of Microsoft (my full-time employer), this means that Windows will no longer vouch for the CA as being trusted. Windows will not reflexively have the CA prepopulated or placed on demand in its Trusted Certificate Authorities container. If a user receives a digital certificate signed by Digicert, his or her application will probably display at least a digital certificate error and refuse to instantly accept it as trusted. Depending on the application, users may have the option to ignore the warning and proceed.

Read more at :-
http://www.infoworld.com/d/security/sloppy-certifi...

--
mogs CClip 40
Member 8th Nov, 2011 14:15


--
mogs CClip 41
Member 8th Nov, 2011 15:39


--
mogs CClip 42
Member 9th Nov, 2011 07:42
Chrome Beta Channel Update
Tuesday, November 8, 2011 | 17:46
Labels: Beta updates
The Beta channel has been updated to 16.0.912.32 for Windows, Mac, Linux, and Chrome Frame.

For an overview of key features in this release check out the Google Chrome Blog. Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome
http://googlechromereleases.blogspot.com/

--
mogs CClip 43
Member 9th Nov, 2011 07:49
Last edited on 9th Nov, 2011 07:49
Microsoft patches critical Windows 7 bug, downplays exploit threat
No fix for Duqu flaw, but quashes different bug in same TrueType parsing engine
By Gregg Keizer

Microsoft today delivered four security updates that patched four vulnerabilities in Windows, most of them affecting the newer editions of Vista and Windows 7. Only one of the updates was marked "critical," Microsoft's most-serious threat ranking. Two of the remaining were labeled "important" and the fourth was tagged as "moderate."

As expected, Microsoft did not patch the Windows kernel vulnerability exploited by the Duqu campaign.

Top on Microsoft's chart today -- and on outside researchers' to-do lists as well -- was the MS10-083 update that patches a bug in Windows Vista's, Windows 7's, and Windows Server 2008's TCP/IP stack, which regulates Internet connections. The vulnerability could be used by attackers in certain circumstances to hijack an unpatched PC, said Microsoft, which nevertheless downplayed the likelihood of successful attacks.

More at :-
http://www.infoworld.com/d/security/microsoft-patc...

--
mogs CClip 44
Member 9th Nov, 2011 22:12
Microsoft's Russinovich: How to stop a real 'Zero Day' disaster
The technical fellow has penned a scarily realistic malware disaster novel and shares with InfoWorld his tips for avoiding his characters' fates

By J. Peter Bruzzese | InfoWorld

I've just finished reading the book "Zero Day" by Mark Russinovich. This is the first fiction book that has computers and technology at the heart of it where I didn't angrily shout to the invisible author about the inaccuracy of the tech storyline. Even though the story is a work of fiction, the technical portion is spot-on -- and downright scary. But that makes sense considering Russinovich's background: He's a technical fellow at Microsoft, the senior-most technical position there, but is known globally for his contribution to the IT community through the Sysinternals tools many of us have used at one time or another.

The story involves the release of different types of viruses and rootkits that have the ability to do everything from crashing planes to overheating nuclear power plants to swiping company data and billing records, crushing entire companies. Sounds impossible? Perhaps you didn't read the headlines earlier this month that highlighted a computer virus in the cockpits of the U.S. drone fleet that logged every keystroke of these drones while they flew missions over war zones. Yes, the danger is very real, and combined with a great storyline (which I won't spoil -- read it for yourself), it had me on the edge of my seat.

More at :-
http://www.infoworld.com/d/microsoft-windows/micro...

--
mogs CClip 45
Member 9th Nov, 2011 22:19
Mozilla releases Firefox 8 and Thunderbird 8

Keeps to its six week schedule
By Lawrence Latif
Wed Nov 09 2011, 17:18
OPEN SOURCE OUTFIT Mozilla released Firefox 8 earlier today.
Mozilla's rapid-release schedule meant that Firefox 8 was out the door just six weeks after Firefox 7 hit the download mirrors. The latest version of the popular web browser adds Twitter search and improvements to WebGL, among other additions and improvements.
Mozilla has made general improvements and bug fixes in Firefox 8 but this release focuses on WebGL, a standard that offers hardware-accelerated 3D graphics without the need for plug-ins. Firefox 8 has support for cross-origin resource sharing, effectively allowing developers to securely load textures from multiple domains, which is a pretty important feature for cheap and easy load balancing.
As is standard practice, Mozilla also released Firefox 8 for Android and Thunderbird 8 at the same time. The latest Firefox for Android has Master Password, which stores usernames and passwords and should, in theory, keep those details safe even if your Android device is lost or stolen.
Mozilla's Thunderbird 8 messaging client now runs on the Gecko 8 engine and primarily fixes security vulnerabilities, disables add-ons that were installed by third party programs by default and makes changes to attachment processing. The Enigmail PGP security add-on has not been updated to be compatible with Thunderbird 8 yet, however, so those who use Enigmail might want to wait awhile before upgrading Thunderbird.

More at :-
http://www.theinquirer.net/inquirer/news/2123962/m...

--
mogs CClip 46
Member 10th Nov, 2011 06:58


--
mogs CClip 47
Member 10th Nov, 2011 07:08
DOJ charges seven in massive clickjacking scheme
The Justice Department is indicting seven individuals with hijacking more than 4 million computers across 100 countries
By Agam Shah and Joab Jackson

The U.S. Department of Justice is charging seven individuals with 27 counts of wire fraud and other computer-related crimes, alleging that the group hijacked four million computers across 100 countries in a sophisticated clickjacking scheme.

The DOJ is holding a press conference in New York at 1 p.m. to reveal further details of the indictment, which has been filed in the U.S. District Court of New York.

According to the indictment, the defendants had set up a phony Internet advertising agency, entering into agreements with online ad providers that would pay the group whenever its ads were clicked on by users. The group's malware, which they had planted on millions of user computers, would redirect the computers' browsers to its advertisements, thereby generating illicit revenue.

Read more at :-
http://www.infoworld.com/d/security/doj-charges-se...

--
mogs CClip 48
Member 10th Nov, 2011 19:20
Steam Forums Hacked?

Forum users' e-mail addresses may have been accessed.

November 09,
According to Eurogamer, the Steam gaming forums have been taken down following an apparent security breach.

"The outlet states that a message board in the forums was 'defaced' Monday night; the forums were subsequently taken down and replaced with a message from Steam stating they are 'offline for maintenance,'" writes Ars Technica's Casey Johnston.

"Because some players have reported receiving spam with similar content to the material illicitly splashed across the forums, it's possible that whoever hacked the site may have obtained the e-mail addresses of users who have registered with the site," Johnston writes.

Go to "Steam forums taken offline following possible security breach" to read the details.

http://www.esecurityplanet.com/hackers/steam-forum...

--
mogs CClip 49
Member 10th Nov, 2011 19:28


--
mogs CClip 50
Member 10th Nov, 2011 21:17


--
mogs CClip 51
Member 11th Nov, 2011 10:21


--
mogs CClip 52
Member 11th Nov, 2011 16:41


--
mogs CClip 53
Member 11th Nov, 2011 21:25
Forrester to security pros: Think before rushing to fix security holes
Report advises not fixing security holes immediately after a data breach since that could destroy evidence needed to prosecute cyber criminals
By Ellen Messmer |


Forrester Research this week published a report that advises security professionals not to jump the gun on fixing security deficiencies immediately after a data breach is identified since that could destroy valuable evidence needed to prosecute cyber criminals.

In the report "Planning for Failure," Forrester analysts John Kindervag and Rick Holland make the argument that rushing to fix security after a data breach could be the wrong approach. "You must decide if you want to prosecute before you remediate," the report argues. "Things work differently in real life than it does on your favorite crime investigation show. Too often, companies clean up a breach and then decide later they want to find and prosecute the perpetrator."

Read more at :-
http://www.infoworld.com/d/security/forrester-secu...

--
mogs CClip 54
Member 12th Nov, 2011 12:01
Hackers may have spent years crafting Duqu
Gang customized attack files for each target, says Kaspersky Lab
By Gregg Keizer | Computerworld

The hacker group behind Duqu may have been working on its attack code for more than four years, new analysis of the Trojan revealed Friday.

Moscow-based Kaspersky Lab published some findings today from a recent rooting through Duqu samples provided by researchers in the Sudan, saying that one driver included with the attack payload was compiled in August 2007, extending the timeline of the gang's work.

"We can't be 100 percent sure [of that date], but all the compiled dates of other files seem to match to attacks," said Roel Schouwenberg, a senior researcher with Kaspersky, in an interview today. "So we're leaning towards that date as correct."

Read more at
http://www.infoworld.com/d/security/hackers-may-ha...

--
mogs CClip 55
Member 12th Nov, 2011 12:08


--
mogs CClip 56
Member 12th Nov, 2011 12:18


--
mogs CClip 57
Member 12th Nov, 2011 18:02


--
mogs CClip 58
Member 12th Nov, 2011 21:59
Boost for move to new net addressing scheme

Time is running out for the net's older addressing scheme

Efforts to shift the internet to a new addressing system have been boosted by US internet service provider Comcast.

The firm has begun switching some customers over to a system built around the net's new addressing scheme, called IP Version 6 (IPv6).

The change is needed because the older version has almost exhausted its pool of available addresses.

Some small UK ISPs have also begun putting domestic customers on a network that uses the new system.

Comcast is carrying out a trial in Pleasanton, California that will see some customers in the town being connected to a network built around IPv6. To do this they will need home hardware that can handle IPv6 and its forerunner, IPv4.

More at :-
http://www.bbc.co.uk/news/technology-15691319

--
mogs CClip 59
Member 13th Nov, 2011 14:49
By Eduard Kovacs
Dutch ISPs: Pirate Bay Shutdown Could Affect Entire Network

Two of the largest internet service providers from the Netherlands stated in a court of law that blocking their account holders from accessing the infamous Pirate Bay website could have undesired effects on their network.

TorrentFreak reports that BREIN, a Dutch anti-piracy outfit, wants to order ISPs to implement a blockade that would prevent the accessing of TPB, but two of the largest companies, Ziggo and Xs4all, are arguing that such a restriction is not as easy as some believe.

While BREIN believes that the internet providers have the means to easily restrict the torrent website, the ISPs claim that it's not only a technical challenge, but also a violation of human rights and freedom of expression.

Xs4all representatives state that the ones who own the site should be held responsible for copyright issues instead of those who merely facilitate the access.

BREIN on the other hand says that the freedom of expression arguments don't hold water, highlighting the fact that copyright owners also have the right to protect what's theirs.

The anti-pirates claim that the main reason for which Ziggo and Xs4all won't set up the blockade is because they profit from the controversial website. The fear of losing customers is one of the main concerns ISPs have related to such restrictions.

While TPB founders are struggling to get out of jail and out of the obligations to pay enormous fines, the website they created is long debated around the world between rights groups and ISPs.

In Belgium, each and every provider was forced to block their account holders from accessing the BitTorrent site, but due to an error in the court order, companies could take advantage of the slip to continue providing account holders access to the website.

http://news.softpedia.com/news/Dutch-ISPs-Pirate-B...

--
mogs CClip 60
Member 14th Nov, 2011 11:46


--
mogs CClip 61
Member 14th Nov, 2011 11:57


--
mogs CClip 62
Member 14th Nov, 2011 13:13

Wi-Fi security do's and don'ts
Wi-Fi is inherently susceptible to hacking and eavesdropping, but it can be secure if you use the right security measures. Unfortunately, the Web is full of outdated advice and myths, but here are some do's and don'ts of Wi-Fi security addressing some of these myths.

http://www.infoworld.com/d/security/wi-fi-security...

--
mogs CClip 63
Member 14th Nov, 2011 13:49
Large-scale data theft fazes Finnish police

Finnish police on Monday called on users of online services to change their passwords after nearly 15,000 user names and passwords were stolen and published on the Internet.


"If I could get one message across to people, it would be to change your passwords, especially the important ones," Timo Piiroinen of the National Bureau of Investigation told AFP.
Piiroinen confirmed that the 14,600 passwords posted online late Saturday night appeared to be connected to a previous incident, in which the personal data of nearly 16,000 Finns were hacked into and made public.
"We have been told that some passwords match email addresses in the earlier incident," he explained.
Police are investigating the two incidents as part of a larger case of identity and data theft.
"We are treating both cases as connected," Piiroinen said.

http://www.physorg.com/news/2011-11-large-scale-th...

--
mogs CClip 64
Member 14th Nov, 2011 17:34


--
mogs CClip 65
Member 14th Nov, 2011 20:22
F-Secure finds malware signed with stolen digital certificate
The certificate allowed the malicious software to appear legitimate when installed

By Jeremy Kirk
IDG News Service - Researchers from security vendor F-Secure have spotted a rare malicious software sample that carried a valid code-signing certificate from a Malaysian governmental institution.

A code-signing certificate is a kind of digital signature that ensures the authenticity and integrity of an application to be run on a computer. Malicious software programs often present fake digital signatures, but ones that are legitimate and attached to malware are rare, said Mikko Hypponen, chief research officer for F-Secure.

The certificate was signed by "anjungnet.mardi.gov.my," which is part of Malaysia's Agricultural Research and Development Institute. Hypponen said F-Secure contacted the organization, which then found that a Windows server responsible for generating the certificates had been hacked.

The organization said it was unsure how long the server may have been compromised, Hypponen said.

Read more at
http://www.computerworld.com/s/article/9221800/F_S...

--
mogs CClip 66
Member 14th Nov, 2011 21:29
Web privacy tools to warn of internet tracking cookies

The technologies will help users manage how much sites know about who they are

Internet users will receive a warning if sites do not respect their privacy thanks to new tools being developed by the web's standards setting body.

The World Wide Web Consortium (W3C) wants to help users control how their personal data is managed.

It is designing controls to shield personal data and reveal when sites do not honour privacy requests.

The W3C now wants users, browser makers and businesses to help finish and implement the specifications.

Read more at :-
http://www.bbc.co.uk/news/technology-15723407

--
mogs CClip 67
Member 15th Nov, 2011 08:07
Chrome Dev Channel Update
Monday, November 14, 2011 | 16:13
Labels: Dev updates

The Dev channel has been updated to 17.0.938.0 for Windows, Mac, Linux, and Chrome Frame. This build contains the following updates:
Updated V8 - 3.7.6.0. This release includes the new garbage collector.
Windows: Fixed a bug where the missing plug-in infobar would not do anything (issue 103216).
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
http://googlechromereleases.blogspot.com/

--
mogs CClip 68
Member 15th Nov, 2011 09:19


--
mogs CClip 69
Member 15th Nov, 2011 20:58

Old Java versions breed new security exploits
You may be tempted to keep various versions of Java running on your systems, but doing so leaves you exposed to security threats
By Roger A. Grimes | InfoWorld

There's no denying the popularity of Java, as evidenced by its ubiquity on home and work systems worldwide. But it's easy for computers -- both in homes and at organizations -- to have multiple versions of Java installed, thus exposing those systems to security exploits. IT admins need to do a better job of closing those holes. One critical step, which I've recommended for years, is for admins and users to update to the most recent version of Java (applications permitting) and to remove all other existing versions.

Java's security shortcomings are well documented. It, along with Adobe products, made up all top 10 successful exploit spots last year, according to Kaspersky. What's more, Microsoft's Security Intelligence Report 11 noted that Java was "responsible for between one-third and one-half of all [recent] exploits." Over the past six months, I've found Java to be the most common exploit vector in all the cases I've personally investigated. Even Oracle recommends that customers remove old versions of Java and use only the latest patched versions.

More at :-
http://www.infoworld.com/d/security/old-java-versi...

--
mogs CClip 70
Member 15th Nov, 2011 21:04

Hackers in Brazil have for the first time created malware that uses encrypted blocks of code to sneak around antivirus programs
By James Mulroy | PC World

Malware just got sneaky! Well, sneakier, that is. Attackers in Brazil have found a way to sneak around antivirus programs by using cryptography.

Recently Dmitry Bestuzhev, Kaspersky Lab's Head of Global Research and Analysis Team for Latin America, was looking over some potentially malicious links from Brazil when he discovered some files with .jpeg filename extensions. At first glance, Bestuzhev thought that they were some form of steganography -- the art and science of hiding messages. But upon further inspection, the researcher discovered that they were actually more like .bmp (bitmap) files, than JPEGs.

The data contained within the files themselves was obviously encrypted and contained some kind of malware; Bestuzhev later discovered that the data was in the form of block ciphers, a cryptographic method that encrypts 128-bit blocks of plain text into 128-bit blocks of cipher text. Since block ciphers can only be composed of 128-bit blocks, they must break up the message into several blocks and encrypt each one individually. A process called modes of operation allows a cryptographer to repeatedly use block ciphers to encrypt an entire program -- or piece of malware, in this case.

More at :-
http://www.infoworld.com/d/security/attackers-get-...

--
mogs CClip 71
Member 15th Nov, 2011 21:12


--
mogs CClip 72
Member 15th Nov, 2011 21:17

Worm Comes as Office Genuine Advantage Checker on IM

An executable file that usually comes through instant messaging applications, pretending to be an Office Genuine Advantage Checker, turns out to be a malicious worm that opens a backdoor to allow attackers to take over the controls of a machine.

Bitdefender researchers report that the file, programmed in Visual Basic, comes as an executable called office_genuine.exe and even though Microsoft retired its OGA program almost a year ago, the application that pretends to check the legitimacy of Office products is still circulating.

The piece of malware, identified as Win32.Worm.Coidung.B, doesn't come by itself, instead it brings a guest in the form of a file infector detected as Win32.Virtob. It's not yet certain if they were combined on purpose or if the latter got a piggyback ride by mistake.

More at :-
http://news.softpedia.com/news/Worm-Comes-as-Offic...

--
mogs CClip 73
Member 16th Nov, 2011 09:03
Microsoft to streamline Windows 8's patch process
Tweaks to updating, rebooting of patched PCs will improve security, say experts

By Gregg Keizer

Computerworld - Microsoft will reduce the number of distracting restarts for updates to Windows 8, part of its plan to simplify how people interact with the upcoming operating system, a company manager said today.

Security experts, including ones who have criticized Microsoft's updating practices in the past, applauded the changes.

"Streamlining the update effort and the better messaging is smart," said Wolfgang Kandek, chief technology officer with Qualys. "I like the improvements."

Some, though not all, of Microsoft's security and feature updates demand a PC reboot to finish installation because the code slated for changing is currently in use, said Farzana Rahman, the group program manager for Windows Update, in a long blog post today.

Read more at :-
http://www.computerworld.com/s/article/9221858/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 74
Member 16th Nov, 2011 09:09
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft outlines its Windows Embedded roadmap

Wants to be a part of intelligent systems
By Lawrence Latif

SOFTWARE REDEVELOPER Microsoft has outed a roadmap of sorts for its Windows Embedded operating system.
Microsoft's Windows Embedded is already in a vast range of devices and while the world and his dog are looking towards Windows 8 on tablets, Microsoft wants to push Windows Embedded even further. Kevin Dallas, general manager for Windows Embedded at Microsoft, laid out some of the firm's plans for the embedded operating system, claiming it will be a central part of "the move toward intelligent systems".
Dallas introduced Windows Embedded Enterprise v.Next, which the firm is saying provides full Windows application compatibility on embedded devices in ATMs and kiosks. Dallas claimed Microsoft will release this operating system within three months of Windows 8 shipping.

Read more at :-
http://www.theinquirer.net/inquirer/news/2125184/m...

--
Was this reply relevant?
+0
-0
mogs CClip 75
Member 16th Nov, 2011 09:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 76
Member 16th Nov, 2011 09:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
ISPs could have stopped massive click-fraud operation
In the wake of the massive DNSChanger click-fraud scam, security experts call on ISPs to do more
By Ted Samson | InfoWorld


In the wake of the successful bust of an alleged click-fraud operation that netted cyber criminals more than $14 million, security experts are bringing to light more information that could help organizations and end-users alike protect themselves from similar threats. Experts are also asking whether ISPs could and should have done more to protect Internet users from the attacks that had been going on for four years.

Dell SecureWorks, for example, has released a report explaining how perpetrators allegedly managed to infect upward of 4 million PCs worldwide with the DNSChanger Trojan that enabled them to rack up illicit profits for so long. The FBI, meanwhile, has provided detailed information as to how organizations and users can assess if their systems are infected. Finally, the Spamhaus Project has observed that ISPs could have acted early on to protect Internet users from the Rove Digital cyber crime gang activities.

Read more at :-
http://www.infoworld.com/t/web-security/isps-could...

--
Was this reply relevant?
+0
-0
mogs CClip 77
Member 16th Nov, 2011 11:25
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 78
Member 16th Nov, 2011 19:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 79
Member 16th Nov, 2011 19:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Intel's 'Knights Corner' chip hits supercomputing speed
The processor, designed for high-performance apps, can run at 1 teraflop

By Patrick Thibodeau

Computerworld - SEATTLE -- Intel has produced a new chip that can operate at a sustained speed of one teraflop -- the type of supercomputing speed the U.S. government paid $55 million for 15 years ago. A teraflop is one trillion calculations per second.

This chip, called Knights Corner, was shown for the first time at the SC11 supercomputing conference here.

Intel isn't yet releasing all of the specs on the processor, including the amount of power it uses or its exact number of cores (it's more than 50). But the chip already has one large customer and a delivery date to make next year.

More at :-
http://www.computerworld.com/s/article/9221870/Int...

--
Was this reply relevant?
+0
-0
mogs CClip 80
Member 16th Nov, 2011 19:27
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Microsoft: We won't update others' Windows apps
Missing a chance to make 'huge leap' in Windows security, argues expert

By Gregg Keizer

Computerworld - Microsoft on Tuesday slammed the door on updating third-party software via Windows Update in the upcoming Windows 8.

One security expert said the company was missing a big opportunity to improve the overall security of Windows PCs.

The new operating system will not update non-Microsoft software, said Farzana Rahman, the group program manager for Windows Update, in a blog post.

"The wide variety of delivery mechanisms, installation tools, and overall approaches to updates across the full breadth of applications makes it impossible to push all updates through [the Windows Update] mechanism," said Rahman. "As frustrating as this might be, it is also an important part of the ecosystem that we cannot just revisit for the installed base of software."

Rahman's statement was the clearest one ever made by Microsoft regarding the fact that it would not take other applications under its update wing.

More at :-
http://www.computerworld.com/s/article/9221879/Mic...

--
Was this reply relevant?
+0
-0
mogs CClip 81
Member 17th Nov, 2011 09:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 17th Nov, 2011 09:11
Chrome Stable Channel Update
Wednesday, November 16, 2011 | 15:05
Labels: Stable updates

The Stable channel has been updated to 15.0.874.121 for Windows, Mac, Linux and Chrome Frame platforms

All
Updated V8 - 3.5.10.24
This build contains the fix to a regression: SVG in iframe doesn't use specified dimensions (Issue: 98951)
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[$1000] [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler.
Full details about what changes have been made in this release are available in the SVN revisions log. Interested in switching to another channel? Find out how. If you find a new issue, please let us know by filing a bug.


Karen Grunberg
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 82
Member 17th Nov, 2011 09:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 83
Member 17th Nov, 2011 11:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Nearly a Fifth of Adult Population in UK Has Never Been Online

Written by
Ravi Mandalia

17 November, 2011

Nearly one fifth of the adult population of the UK has never accessed the Internet, a recent report by the Office of National Statistics (ONS) has claimed.

The data collected by ONS showed that 17 percent of UK adults have never used the internet. The third quarter of 2011 data shows that 8.43 million out of the total adult population in the UK had never been online, reported ITPro.

To increase these numbers, Race Online 2012 is making every effort to get as many people as possible to use the web by 2012.

ONS in their report mentioned that, "Internet use is linked to various socio-economic and demographic characteristics, such as age, disability, location and earnings". They also reported that adults over 65 years who are widowed or are people with disabilities are most likely never to use internet.



Read more: http://www.itproportal.com/2011/11/17/nearly-fifth...

--
Was this reply relevant?
+0
-0
mogs CClip 84
Member 17th Nov, 2011 15:47
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 85
Member 17th Nov, 2011 16:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 17th Nov, 2011 16:23
Home Office considers new laws to combat cyber stalking
Public invited to contribute to review of Harassment Act
The Home Office is considering adding stalking, including cyber stalking, to existing harassment laws.
It has set up a 12-week online consultation process and has asked the public, charities and victims to contribute their views on the problem.
Stalking, and particularly cyber stalking, is a growing problem. According to last year's British Crime survey, more than one million women and nearly the same number of men (900,000) reported stalking incidents in the UK, so the government department has set up an online consultation.
The consultation will close on 5 February 2011.
Read more at :-
http://www.computeractive.co.uk/ca/news/2125489/ho...

--
Was this reply relevant?
+0
-0
mogs CClip 86
Member 17th Nov, 2011 16:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 17th Nov, 2011 16:35


--
Was this reply relevant?
+0
-0
mogs CClip 87
Member 17th Nov, 2011 19:02
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
More on......
The patch for a zero-day denial-of-service flaw in BIND prevents crashes but doesn't fix the actual vulnerability
By Lucian Constantin | IDG News Service


The Internet Systems Consortium (ISC), an organization that maintains several software products critical for Internet infrastructure, has released a patch for an actively exploited denial-of-service vulnerability in the widely used BIND DNS server.

ISC launched an investigation into the issue Wednesday after many organizations around the world reported that their BIND 9-based DNS resolvers crashed unexpectedly. For example, judging by the comments posted in response to an Internet Storm Center alert, dozens of universities across the U.S. experienced the problem.

The DNS (Domain Name System) is used to translate domain names into IP (Internet Protocol) addresses, computers and network devices querying the defined DNS servers each time a website is accessed.

These DNS resolvers query other servers further up the chain in order to retrieve the correct answers. To speed up the process for future queries, the answers are cached locally for a period of time.

ISC determined that the crashes are the result of an inconsistent record being cached and then served to clients. It's not yet clear what kind of network event causes the BIND resolvers to cache the malformed record in the first place.

It could be either a deliberate attack or an unintended anomaly, but according to Carsten Eiram, chief security specialist at vulnerability research company Secunia, the first scenario is more likely. "Based on the public reports and information we've received, it seems to be caused by malicious attacks," he said.


http://www.infoworld.com/d/security/isc-patches-bi...

--
Was this reply relevant?
+0
-0
mogs CClip 88
Member 18th Nov, 2011 21:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Mozilla makes progress on Firefox silent updates
Every-six-week release schedule leaves more users running older versions

By Gregg Keizer
November 18, 2011 12:58 PM ET
Computerworld - Mozilla is making progress on adding a silent update mechanism to Firefox, with plans to integrate the new service in Firefox 10 early next year.

But one of the developers working on the feature cautioned that silent update might slip.

"At this point, we're not quite sure which version of Firefox this will land in.... We're working to land it as soon as is safely possible," Ehsan Akhgari, a Firefox engineer in charge of one of the silent update components, said in a blog post last weekend.

Akhgari's part of the project is to minimize the amount of time it takes Firefox to launch after downloading an update.

To do so, he's come up with a way to stage the downloaded update -- essentially an updated copy of Firefox -- in a separate Windows directory, then swap the older edition with the newer one the next time the user starts up Firefox.

Read more at :-
http://www.computerworld.com/s/article/9222011/Moz...

--
Was this reply relevant?
+0
-0
mogs CClip 89
Member 18th Nov, 2011 21:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Leaked email reveals Microsoft Security Essentials beta program
If you'd like to test the next version of Microsoft Security Essentials, sign up now -- in case Microsoft withdraws the offer
NOVEMBER 18, 2011
If you're interested in testing the next version of Microsoft Security Essentials, head over to the Microsoft Connect site. The location of the signup site leaked yesterday, when Microsoft began sending email invitations to previous beta testers who had tested Microsoft Security Essentials version 2, which shipped last December.

By signing in with your Live ID and venturing to the page, you should be added to the beta list. If you're interested, do it now, just in case Microsoft withdraws the offer.

The Web page itself won't tell you anything of interest, beyond "Thank you for participating in the Microsoft Security Essentials Beta program, which will start soon." But here's what the leaked email said:

Thank you so much for being a part of the Microsoft Security Essentials v2 Beta.

You have indicated that you are interested in receiving invites for Connect programs from Microsoft, so we would like to invite you to participate in the Microsoft Security Essentials Public Beta program on Microsoft Connect.

This program is for the newest Beta version of Microsoft Security Essentials which has the latest protection features. Be one of the select few who get access to this Beta release by signing up now to reserve your spot!

Read more at :-
http://www.infoworld.com/t/anti-virus/leaked-email...

--
Was this reply relevant?
+0
-0
mogs CClip 90
Member 18th Nov, 2011 21:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Chrome Dev Channel Update
Thursday, November 17, 2011 | 16:12
Labels: Dev updates

The Dev channel has been updated to 17.0.942.0 for Windows, Mac, Linux, and Chrome Frame. This build contains the following updates:

All
Updated V8 - 3.7.7.0.
Fixed New Tab page apps re-ordering issue.
Policy support for disabling the Cloud Print Connector has been added.
Windows
Fixed an issue where Chrome app windows would hang. [r110239]
Known Issues
Crash when notification occurs [Issue: 103427]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

Stable Channel Update for Chromebooks
| 15:36
Labels: Chrome OS, Stable updates
The Stable channel has been updated to 15.0.874.121 (Platform version: 1011.137) for Chromebooks (Acer AC700, Samsung Series 5, and Cr-48).

Highlights:
New flash
Security fixes
Stability fixes
If you find new issues, please let us know by visiting our help site or filing a bug. You can also submit feedback using "Report an issue" under the wrench icon. Interested in switching to the Dev channel? Find out how.

Josafat Garcia
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 91
Member 18th Nov, 2011 22:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 92
Member 18th Nov, 2011 22:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
DevilRobber Trojan Gets New Disguise

The new version is being distributed as the image-editing program PixelMator.


F-Secure researchers recently uncovered a new variant of the DevilRobber Trojan.

"The original DevilRobber was being distributed in pirated versions of the popular program Graphic Converter, and in similar form the malware developers are targeting additional graphics tools by releasing this new version disguised as the popular image-editing program PixelMator," writes CNET News' Topher Kessler.

"Unlike the original version of the malware that ran embedded in full versions of Graphic Converter, the new version contains none of the legitimate PixelMator code and instead is only disguised as the program," Kessler writes. "When run, the fake PixelMator program acts as a basic downloader that will contact some FTP servers and download and install the malware."

Go to "DevilRobber Trojan now disguised as PixelMator" to read the details.

http://www.esecurityplanet.com/malware/devilrobber...

--
Was this reply relevant?
+0
-0
mogs CClip 93
Member 19th Nov, 2011 09:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
French official: Europe must defend privacy rights
November 18, 2011 By JAMEY KEATEN, Associated Press
(AP) -- Europe and the United States don't agree on how to strike the right balance between protecting privacy rights and battling the terror threat, the head of France's data protection watchdog said Friday.

Isabelle Falque-Pierrotin said the EU Justice Commissioner, Viviane Reding, should defend data privacy rights amid "strong" pressure from U.S. officials to get access to information about European citizens for security reasons.
"In my view, notably in the international sphere and in talks with the United States, the balance between data protection and security is very strained," Falque-Pierrotin told The Associated Press in an interview.
European authorities "understand" America's concerns about terrorism in the wake of the 9/11 terror attacks, she said. But Europe "is trying to negotiate to make sure that data and Internet privacy is respected. On that matter, we're not totally aligned."
The EU said Thursday it had signed an accord with the United States over air-passenger data for flights from Europe to America that will limit what information U.S. officials can use and will improve data protection. The agreement replaces one in 2007 that the European Parliament criticized for having given U.S. authorities too much authority to view the private data of EU citizens.

More at :-
http://www.physorg.com/news/2011-11-french-europe-...

--
Was this reply relevant?
+0
-0
mogs CClip 94
Member 19th Nov, 2011 09:11
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Norway hit by major data-theft attack
November 17, 2011
(AP) -- Data from Norway's oil and defense industries may have been stolen in what is feared to be one of the most extensive data espionage cases in the country's history, security officials said Thursday.

Industrial secrets from companies were stolen and "sent out digitally from the country," the Norwegian National Security Authority said, though it did not name any companies or institutions that were targeted.
At least 10 different attacks, mostly aimed at the oil, gas, energy and defense industries, were discovered in the past year, but the agency said it has to assume the number is much higher because many victims have yet to realize that their computers have been hacked.
"This is the first time Norway has unveiled such an extensive and widespread espionage attack," it said.
Spokesman Kjetil Berg Veire added it is likely that more than one person is behind the attacks.
The methods varied, but in some cases individually crafted e-mails that, armed with viruses, would sweep recipients' entire hard-drives for data and steal passwords, documents and confidential documents.
The agency said in a statement that this type of data-theft was "cost-efficient" for foreign intelligence services and that "espionage over the Internet is cheap, provides good results and is low-risk." Veire would not elaborate, but said it was not clear who was behind the attacks.

More at :-
http://www.physorg.com/news/2011-11-norway-major-d...

--
Was this reply relevant?
+0
-0
mogs CClip 95
Member 19th Nov, 2011 09:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

SCADA hack blamed for breach at US water plant
by Shaun Nichols

19 Nov 2011

The remote breach of a SCADA controller unit has been credited with causing the partial shutdown at a US water processing plant, causing experts to once again question the security of vital infrastructure.
Authorities say an attacker was able to obtain login credentials and access a SCADA controller which managed a water pump in Illinois. The credentials are believed to have been obtained through a breach at a firm which develops controller software for the device.

More at :-
http://www.v3.co.uk/v3-uk/news/2126382/scada-hack-...

--
Was this reply relevant?
+0
-0
mogs CClip 96
Member 19th Nov, 2011 09:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Facebook Accounts May Be More Valuable Than Credit Cards

Security experts predict that next year the industry will face a lot of new challenges, many of the things that until now have not been considered so important, will affect regular users and organizations worldwide.

Websense Security Labs released their predictions for 2012 concerning the threats that will target individuals and companies.

One of the most frightening things refers to the increase in value of social media accounts, which will be sold like warm bread in underground forums, since by possessing these accounts, crooks can manipulate the victim's friends and thus acquiring even more targets.

The advanced persistent attacks (APT) of 2012 are expected to rely on this since operations that make use of social media chat functionality are not uncommon, but they're estimated to become main attack vectors for APTs, along with mobile and cloud exploits.

Another prediction refers to the fact that social engineering, one of the most popular methods used by hackers in their operations, will rely more on new mobile features such as location-based services.

More at :-
http://news.softpedia.com/news/Facebook-Accounts-M...

--
Was this reply relevant?
+0
-0
mogs RE: Daily CYBERCLIPS November
Member 19th Nov, 2011 09:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
General observation from Mogs

Regardless of nationality..........
Banks do not burn fingers :
Cybercriminality and spy-where(?), fear not to " write" ?
I must have made a few internet friends with my language ?
Very often I get sore eyes.......
Who's with the Zombies ?!
International collaboration or warfare ?! Sometimes I still manage poetic !
It doesn't look like a battlefield ?!!
Save the internet for the children ?


--
Was this reply relevant?
+0
-0
mogs CClip 97
Member 19th Nov, 2011 16:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 98
Member 19th Nov, 2011 16:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Malware loves Windows Task Scheduler
More malware is using Windows Task Scheduler to do its dirty work. Here's how to mitigate this surprising attack vector
Malware authors have been using the Windows Task Scheduler (or AT.exe jobs) to victimize hosts for at least a decade, but the Stuxnet worm seems to have ushered in a renaissance. Recent Zlob variants have made frequent use of Task Scheduler; the widespread click-fraud Trojan Bamital drew on Task Scheduler as well.

Stuxnet exploited Task Scheduler in a way that was previously unknown -- it was a true zero-day attack. But malware doesn't have to get too fancy to put Task Scheduler to ill use. For example, malware will often create a task that looks for certain preconditions to launch, downloads new malicious code on a schedule, or uses scheduled tasks as a way to always remain in memory. I've seen malware hunters struggle to find out how the malicious code "keeps re-infecting their clean system." Answer: Check the Task Scheduler.


Unfortunately, I'm finding more and more examples of new malware and even APT-style attacks that are abusing Task Scheduler and AT.exe, and they are being sneaky about it. Now is a good time for all of us to check the Task Scheduler.

More at :-
http://www.infoworld.com/t/malware/malware-loves-w...

--
Was this reply relevant?
+0
-0
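
Added example (not part of the quoted article or of the original post): one way to "check the Task Scheduler" in bulk is to review task definitions in Task Scheduler's XML format and flag the behaviours the clip above describes, such as persistence at logon, repeated execution, and fetching content on a schedule. The sample task definitions, the task names, and the review heuristics below are all constructed assumptions for illustration.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler task-definition XML.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Review heuristics chosen for this example (assumptions, not taken from the article).
# Paths that standard users can normally write to:
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\",
                 "%appdata%", "%temp%")
# Interpreters and loaders that run whatever their arguments point at:
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
URL_RE = re.compile(r"(?:https?|ftp)://", re.IGNORECASE)
START_TRIGGERS = {"LogonTrigger", "BootTrigger"}


def review_task(xml_text):
    """Return a sorted list of reasons why one task definition deserves a closer look."""
    root = ET.fromstring(xml_text)
    reasons = set()

    # Every <Exec> action: what is launched, from where, and with which arguments.
    for action in root.findall("t:Actions/t:Exec", NS):
        command = action.findtext("t:Command", "", NS).strip().strip('"')
        arguments = action.findtext("t:Arguments", "", NS).strip()
        line = (command + " " + arguments).lower()
        if any(marker in line for marker in USER_WRITABLE):
            reasons.add("user-writable path")
        if ntpath.basename(command.lower()) in SCRIPT_HOSTS:
            reasons.add("script host")
        if URL_RE.search(line):
            reasons.add("url in command line")

    # Tasks hidden from the default Task Scheduler view.
    if root.findtext("t:Settings/t:Hidden", "false", NS).strip().lower() == "true":
        reasons.add("hidden task")

    # Triggers that keep code running: at logon/boot, or repeating on an interval.
    for trigger in root.findall("t:Triggers/*", NS):
        kind = trigger.tag.rsplit("}", 1)[-1]
        if kind in START_TRIGGERS:
            reasons.add("starts at logon or boot")
        if trigger.find("t:Repetition/t:Interval", NS) is not None:
            reasons.add("repeats on an interval")

    return sorted(reasons)


def review_all(tasks):
    """Map task name -> reasons, keeping only the tasks that were flagged."""
    flagged = {}
    for name, xml_text in tasks.items():
        reasons = review_task(xml_text)
        if reasons:
            flagged[name] = reasons
    return flagged


def _sample(command, arguments, triggers, hidden="false"):
    """Build a minimal task definition (constructed sample, not a real export)."""
    return (
        '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
        f"<Triggers>{triggers}</Triggers>"
        f"<Settings><Hidden>{hidden}</Hidden></Settings>"
        f"<Actions><Exec><Command>{command}</Command>"
        f"<Arguments>{arguments}</Arguments></Exec></Actions></Task>"
    )


# Constructed sample data: one ordinary updater and two tasks worth a second look.
SAMPLE_TASKS = {
    r"\Vendor\Updater": _sample(
        r"C:\Program Files\Vendor\updater.exe", "/silent",
        "<CalendarTrigger><StartBoundary>2011-11-19T03:00:00</StartBoundary>"
        "<ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger>"),
    r"\SysCheck": _sample(
        r"C:\Users\alice\AppData\Roaming\syscheck.exe", "",
        "<LogonTrigger><Enabled>true</Enabled></LogonTrigger>", hidden="true"),
    r"\At1": _sample(
        "wscript.exe", r"C:\ProgramData\upd.vbs http://updates.example.invalid/cfg",
        "<TimeTrigger><StartBoundary>2011-11-19T00:00:00</StartBoundary>"
        "<Repetition><Interval>PT30M</Interval></Repetition></TimeTrigger>"),
}

if __name__ == "__main__":
    for name, reasons in review_all(SAMPLE_TASKS).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag here is a prompt for manual review, not a verdict: legitimate software also registers logon and repeating tasks, so the useful signal is usually a combination of reasons on one task.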
mogs CClip 99
Member 19th Nov, 2011 17:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 100
Member 20th Nov, 2011 17:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Backdoor Trojan Being Distributed via Facebook

A variety of messages lead to fake YouTube pages, where victims are tricked into downloading malware.
Microsoft is warning of a new social engineering campaign aimed at tricking users into installing a backdoor Trojan.

"The messages used to lure in users vary, but they all lead to fake YouTube pages," writes Help Net Security's Zeljka Zorz. "Once there, the user is urged to download a new version of 'Video Embed ActiveX Object' in order to play the video file."

"Unfortunately, the offered setup.exe file is the Caphaw Trojan, which bypasses firewalls, installs an FTP and a proxy server and a keylogger on the affected machine," Zorz writes.

Go to "Backdoor Trojan pushed via versatile Facebook campaign" to read the details.

http://www.esecurityplanet.com/malware/backdoor-tr...

--
Was this reply relevant?
+0
-0
mogs CClip 101
Member 20th Nov, 2011 17:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Rails Security Updates Patch XSS Vulnerability

The flaw could allow an attacker to insert arbitrary code into a page.

Ruby on Rails has been updated to patch a security flaw.

"According to the developers, a cross-site scripting (XSS) vulnerability in the helper method for i18n translations could be exploited by an attacker to insert arbitrary code into a page," The H Security reports.

"Rails 3.0.0 and later, as well as 2.3.x in combination with the rails_xss plug-in, are affected," the article states.

Go to "Rails updates close XSS hole" to read the details.

http://www.esecurityplanet.com/patches/rails-secur...

--
Was this reply relevant?
+0
-0
mogs CClip 102
Member 21st Nov, 2011 08:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 21st Nov, 2011 08:43
New malware variants are set to surpass 75 million by the end of the year, according to McAfee.
The company said in its quarterly threat report that the volume of new samples is surpassing its early estimates and forcing the company to raise its forecast.

Toralv Dirro, McAfee Labs EMEA security strategist told V3 that the growth in new malware is largely due to the rise in crimeware toolkits. With criminals increasingly using automated tools to generate malware, the level of unique samples is climbing higher than ever.
"Most of it is a handful of trojan kits," Dirro explained, "there are not as many people trying to write that trojan up from scratch."
Also helping to drive malware levels is an increasing interest in the mobile space. The company found that malware writers are increasingly targeting Android handsets with premium number diallers and other mobile-focused infections.

Read more at :-
http://www.v3.co.uk/v3-uk/news/2126384/malware-loa...

--
Was this reply relevant?
+0
-0
mogs CClip 103
Member 21st Nov, 2011 09:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
123456: The Worst Passwords of 2011
By Jared Newman, PCWorld

Internet users never learn. No matter how many times we hear about obvious, hackable passwords, people keep using them. And the situation doesn't seem to be getting better.

Below is a list of the 25 worst passwords of 2011, compiled by SplashData. The security software developer generated the list from millions of actual stolen passwords, posted online by hackers. Not surprisingly, the most common passwords are also the worst, including "password," "123456" and "qwerty." Even passwords that seem kind of unique, like "trustno1" and "shadow" are actually quite common. And why does "monkey" always show up on these lists?

More at :-
http://www.pcworld.com/article/244288/123456_the_w...

--
Was this reply relevant?
+0
-0
mogs CClip 104
Member 21st Nov, 2011 09:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 105
Member 21st Nov, 2011 21:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Despite controversy, cybercrime treaty endures

By Jeremy Kirk
November 21, 2011 11:51 AM ET
IDG News Service - Delegates from around the world are meeting in France this week to discuss the only international treaty dealing with cybercrime, a treaty that has come under fire from some countries but defended by others as a crucial tool in fighting electronic crime.

Wednesday marks the 10th anniversary of the Convention on Cybercrime, also known as the Budapest Convention. The treaty, which was opened for signatures in November 2001, sets guidelines for laws and procedures for dealing with Internet crime.

The treaty has formed a foundation for global law enforcement of cyberspace, requiring countries who abide by it to have uniform anti-cybercrime laws and law enforcement contacts available around the clock, among other requirements.

The Convention is overseen by the Council of Europe, an organization founded in 1949 that also oversees the European Convention on Human Rights.

Council of Europe member countries can sign the treaty, and once their national laws conform with the treaty, their national legislatures can ratify it. Countries outside the council are invited to accede to the treaty.

More at :-
http://www.computerworld.com/s/article/9222063/Des...

--
Was this reply relevant?
+0
-0
mogs CClip 106
Member 21st Nov, 2011 21:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
OpenPGP JavaScript implementation allows Webmail encryption
German company releases OpenPGP Chrome extension to facilitate Webmail encryption
By Lucian Constantin | IDG News Service

Researchers from German security firm Recurity Labs have released a JavaScript implementation of the OpenPGP specification that allows users to encrypt and decrypt Webmail messages.

Called GPG4Browsers, the tool functions as an extension for Google Chrome and now is capable of working with Gmail.

According to its developers, GPG4Browsers is a prototype, but it supports almost all asymmetric and symmetric ciphers and hash functions specified in the OpenPGP standard.

The OpenPGP specification uses public key cryptography to encrypt and digitally sign messages and other data. It is based on the original PGP (Pretty Good Privacy) program and is most commonly used for securing email communications.

Read more at :-
http://www.infoworld.com/d/security/openpgp-javasc...

--
Was this reply relevant?
+0
-0
mogs CClip 107
Member 22nd Nov, 2011 08:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Boost in IPv6 use is only one step to solution

By Stephen Lawson
IDG News Service - Support for IPv6 has grown by almost 20 times in the past year by one measure, but most websites still can't be reached without IPv4, the current Internet Protocol, which is near running out of unclaimed addresses.

The number of subdomains under .com, .net and .org that support Internet Protocol version 6 increased by about 1,900 percent in the year leading up to October 2011, according to an automated sampling of subdomains by Measurement Factory. The study, which was sponsored by IPv6 software specialist InfoBlox, used a script to automatically sample 1 percent of the subdomains under the three well-known top-level domains.

IPv4 only allows for about 4 billion addresses, whereas IPv6 has a nearly unlimited supply. ICANN (Internet Corporation for Assigned Names and Numbers), the global governing body for the Internet, assigned the last of the unclaimed IPv4 addresses to regional registry bodies earlier this year. Some enterprises and service providers are making a gradual transition to IPv6 using dual software stacks, but experts expect users eventually to come to the Internet without IPv4 addresses. They will need pure IPv6 communication, which most operators of websites can't offer today.

More at :-
http://www.computerworld.com/s/article/9222082/Boo...

--
mogs CClip 108
Member 22nd Nov, 2011 19:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
EFF proposes new method to strengthen Public Key Infrastructure
'Sovereign Keys' specification is designed to provide an additional layer of security between domain names and their certificates
By Lucian Constantin | IDG News Service

The Electronic Frontier Foundation (EFF) is proposing an extension to the current SSL chain of trust that aims to improve the security of HTTPS and other secure communication protocols.

EFF's "Sovereign Keys" (SK) specification is designed to give domain owners control over the link between their domain names and their certificates after recent Certificate Authority (CA) compromises raised serious questions about the security of the entire Internet Public Key Infrastructure (PKI).

One of the main problems with the current PKI model is the lack of control over CAs and their subsidiaries. There are literally hundreds of organizations spread around the world that are allowed to issue certificates for any domain name and some of them are operated by governments that practice Internet surveillance and censorship.

More at :-
http://www.infoworld.com/d/networking/eff-proposes...

--
mogs CClip 109
Member 22nd Nov, 2011 19:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 110
Member 22nd Nov, 2011 19:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Gamekeeper turned poacher

By John Leyden

Posted in Malware, 22nd November 2011 14:14 GMT

A law enforcement Trojan takes advantage of the same recently patched iTunes flaw also used by Ghost Click botnet, according to a demo at a recent German trade show.

Spiegel Online reports that a promo video for a variant of the FinFisher spyware application shows it exploits a vulnerability in iTunes to update the software on targeted systems. Prior to a recent update, iTunes used an unencrypted HTTP request to poll for the latest version of Apple's media player software. This technique created an opening for man-in-the-middle attacks, providing Apple Software Updater is not in play*.

Instead of receiving the URL for the latest version of the iTunes from Apple, an attacker could send a dummy update request that induces victims to visit a counterfeit webpage under the control of attackers.

For the redirection to work, a machine would already need to be infected with the DNSChanger software (in the case of the alleged Ghost Click botnet operators) or in the case of law enforcement agencies using Gamma's FinFly ISP technology, you'd need ISPs to be in on the redirection ruse.

FinFisher is marketed by Gamma International to cops and spooks as a means to tap the Skype calls, IM chats and emails of suspected criminals. Documents found during the ransacking of Egypt's secret police headquarters, at the height of the Arab Spring uprising, suggest that the Mubarak regime purchased FinFisher to spy on dissidents. Gamma International, which denies selling its wares to Egypt, ran a stall at the Cyberwarfare Europe conference in Berlin back in September. Delegates to the conference included government and business representatives from the United Arab Emirates, Indonesia and Malaysia.

http://www.theregister.co.uk/2011/11/22/trojan_exp...

--
mogs CClip 111
Member 22nd Nov, 2011 19:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
SeaMonkey 2.5 has been released. Users that like their browser brimming with features plus the kitchen sink should rejoice. Based on the relatively recent Firefox 8, which has already been updated to Firefox 8.0.1, SeaMonkey 2.5 doesn't really bring anything new in terms of specific features.

The big new things in SeaMonkey 2.5 come straight from Firefox. These include a new checker for add-ons installed by third-party software, which now get blocked at startup unless the user specifically chooses to continue to use them.

SeaMonkey 2.5 also brings better support for HTML5, in particular the video and audio support. Firefox 8's launch details should be a good guide to what's new in SeaMonkey.

As for specific SeaMonkey updates, there are only some minor bug fixes and patches. You can get the full list in the changelog.

SeaMonkey 2.5 is available for Windows, Mac and Linux.

http://news.softpedia.com/news/SeaMonkey-2-5-Based...

--
mogs CClip 112
Member 23rd Nov, 2011 08:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 113
Member 23rd Nov, 2011 08:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft claims significantly reduced Windows 8 installation times

Should make the annual reinstall go by a little quicker
By Lawrence Latif
Tue Nov 22 2011, 13:41

SOFTWARE CHURN ARTIST Microsoft claims to have slashed installation times for Windows 8.
Christa St. Pierre, part of Microsoft's Setup and Deployment Team claimed the firm has managed to trim significant fat from Windows 8's installation procedure, requiring fewer clicks and shorter install time. According to St. Pierre, a clean install of Windows 8 should take just 21 minutes, compared to 32 minutes for Windows 7.
Microsoft is particularly proud of the speed-up it claims to have achieved when users migrate applications and data from previous installations. In this area St. Pierre admitted Windows 7 wasn't particularly good, saying, "If you had a large number of files on your system, you may have seen that installation times in Windows 7 didn't scale very well."

More at :-
http://www.theinquirer.net/inquirer/news/2126868/m...

--
mogs CClip 114
Member 23rd Nov, 2011 08:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 115
Member 23rd Nov, 2011 08:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla has released its first bug-fixing update to the latest Firefox 8. The new Firefox 8.0.1 fixes two main bugs and possibly some more minor issues. A pre-release build of Firefox 8.0.1 had previously been pushed to the Mozilla FTP servers.

It was later pulled, probably because it failed Mozilla's quality assurance tests. But Firefox 8.0.1 has now been officially released and it's safe to grab and install it. If you're already running Firefox 8, you should be getting an update soon.

Firefox 8.0.1 fixes a bug that affected the Mac OS X version. In some cases, loading a Java Applet via the Java SE 6 1.6.0_29 would lead to a crash.

The new Firefox also fixes a startup crash bug that affected Windows users running RoboForm versions older than 7.6.2.

Firefox 8.0.1 is available for Windows, Mac and Linux.

http://news.softpedia.com/news/Firefox-8-0-1-Offic...

--
mogs CClip 116
Member 23rd Nov, 2011 09:01
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
'Occupy Flash' manifesto calls for end to Adobe plug-in

The group claims that HTML 5 has won the fight for the future of web browsing

Computer users are being urged to uninstall the Flash Player plug-in by a group of US developers.

The Occupy Flash movement claims the software is buggy, crashes a lot and requires constant security updates.

Adobe recently cancelled development of its Flash plug-in for mobile devices, saying that the alternative HTML 5 offered "the best solution".

However, the firm says its software still offers a superior experience on desktop PCs.

The movement's founders said they had all coded for Flash at some point in their careers and had never worked for one of Adobe's competitors.

They said they were inspired by the other Occupy movements.

More at :-
http://www.bbc.co.uk/news/technology-15797399

--
mogs CClip 117
Member 23rd Nov, 2011 19:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 118
Member 24th Nov, 2011 11:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 119
Member 24th Nov, 2011 14:09
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 120
Member 24th Nov, 2011 16:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Largest DDoS attack so far this year peaked at 45Gbps, says company
Up to 250,000 compromised computers attacked an Asian e-commerce vendor over a seven-day period, according to Prolexic

By Lucian Constantin

IDG News Service - A week-long DDoS attack that launched a flood of traffic at an Asian e-commerce company in early November was the biggest such incident so far this year, according to Prolexic, a company that defends websites against such attacks.

The distributed denial-of-service attack consisted of four consecutive waves launched from multiple botnets between Nov. 5 and Nov. 12, 2011, Prolexic said.

It estimated that up to 250,000 computers infected with malware participated in the attack, many of them in China.

At the height of the attack, those computers made 15,000 connections per second to the target company's e-commerce platform, swamping it with up to 45Gbps of traffic, Prolexic said. It declined to name the company, one of its clients, citing a confidentiality agreement.

More to read at :-
http://www.computerworld.com/s/article/9222156/Lar...

--
mogs CClip 121
Member 25th Nov, 2011 02:31
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Black Friday iTunes infected credit malware alert

Security experts say the infected email offers users credit for iTunes music, games and video
Criminals are targeting internet users with a new gift certificate scam, according to security experts.

Users receive an email that claims to be from Apple's iTunes store, warns the Eleven security blog.

The ZIP file attached contains malware that may allow hackers to gain access to the recipient's computer.

The blog says the attack appears to have been timed to coincide with Black Friday, one of the US's busiest shopping days.

Black Friday was the name used by Philadelphia's police department in the 1960s to describe the day after Thanksgiving because of all the traffic jams caused by people visiting the city's stores.

http://www.bbc.co.uk/news/technology-15881034

--
mogs CClip 122
Member 25th Nov, 2011 02:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 25th Nov, 2011 02:41
European Court of Justice rejects web piracy filter

Blocking general access to peer-to-peer sites was ruled to be in breach of EU laws
The European Court of Justice has ruled that content owners cannot ask ISPs to filter out illegal content.

The ruling could have implications for the creative industries as they attempt to crack down on piracy.

The court said that while content providers can ask ISPs to block specific sites, wider filtering was in breach of the E-Commerce Directive.

A Belgian court had previously ruled that a local rights holder could force an ISP to filter content.

http://www.bbc.co.uk/news/technology-15871961

--
mogs CClip 123
Member 25th Nov, 2011 02:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 124
Member 25th Nov, 2011 18:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Unpatched Apache flaw allows access to internal network
Security researcher reveals how to bypass older patch for an Apache reverse proxy vulnerability

By Lucian Constantin
November 25, 2011 08:43 AM ET
IDG News Service - A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on internal networks if some rewrite rules are not defined properly.

The vulnerability affects Apache installations that operate in reverse proxy mode, a type of configuration used for load balancing, caching and other operations that involve the distribution of resources over multiple servers.

In order to set up Apache HTTPD to run as a reverse proxy, server administrators use specialized modules like mod_proxy and mod_rewrite.

Security researchers from Qualys warn that if certain rules are not configured correctly, attackers can trick servers into performing unauthorized requests to access internal resources.

More at :-
http://www.computerworld.com/s/article/9222160/Unp...

--
mogs CClip 125
Member 25th Nov, 2011 18:41
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 126
Member 25th Nov, 2011 18:47
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Apple took years to fix iTunes spyware vulnerability
By David Meyer, 25 November, 2011 11:08

Apple took more than three years to fix a hole in its iTunes updater that allowed the software to be used as a distribution vector for spyware.

A recent Wall Street Journal report detailed off-the-shelf surveillance software used by regimes such as the one that fell in Egypt earlier this year. One of these packages was FinFisher, sold by a UK firm called Gamma. The spyware could be disseminated through a phony update for iTunes, exploiting a flaw in the media player's updating mechanism.

Cybercrime journalist Brian Krebs wrote on Wednesday that the same flaw had been reported to Apple by Argentinian security researcher Francisco Amato in July 2008. Amato had developed a penetration tool called Evilgrade to exploit the vulnerability.

According to email exchanges between Amato and Krebs, Apple acknowledged receipt of the researcher's report but did not contact him about the findings until October 2011, when it "sent an email to confirm his name and title for the purposes of crediting him with reporting the flaw in its iTunes 10.5.1 patch release details".

More at :-
http://www.zdnet.co.uk/blogs/communication-breakdo...

--
mogs CClip 127
Member 25th Nov, 2011 18:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 128
Member 26th Nov, 2011 10:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 129
Member 26th Nov, 2011 11:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 130
Member 28th Nov, 2011 10:25
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Not enough encrypted drives despite numerous data breaches
By John E Dunn

USB sticks remain a big security weakness for many UK organisations with many employees using drives for data transport without permission and not bothering to report their loss, a Ponemon Institute study has found.

The study polled 451 IT staff in the UK from a global total of 2,942 on behalf of Kingston Technology, finding that 73 percent had experienced staff use of USB drives without authorisation, with 72 percent mentioning loss without notification in the last two years.

Only half of UK organisations employed some form of security policy or technology to these devices, and awareness of the risk posed by them was to be low in Britain compared to security-aware countries such as Germany.

Organisations were reluctant to enforce the use of secure drives, with 55 percent of workers using generic drives bought by themselves or picked up at conferences or trade shows.

"If you lose a laptop you can't do your work; if you lose a USB stick nobody will ever know about it," said Larry Ponemon of the Ponemon Institute. "To many people a USB stick is just a ubiquitous device."

More at :-
http://www.pcadvisor.co.uk/news/security/3321169/u...

--
mogs CClip 131
Member 28th Nov, 2011 15:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 28th Nov, 2011 15:20


--
mogs CClip 132
Member 28th Nov, 2011 15:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 133
Member 28th Nov, 2011 15:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 134
Member 29th Nov, 2011 20:02
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Open Source FFmpeg Project Gets Security Updates

Versions 0.7.8 and 0.8.7 patch several vulnerabilities.

November 28, 2011
Version 0.7.8 and 0.8.7 of the open source FFmpeg solution were recently released.

"The updates correct issues that could be exploited by an attacker to cause a denial-of-service (DoS) condition or potentially compromise an application that uses FFmpeg -- well known open source software that uses the library collection includes the VLC Media Player, MPlayer and Perian," The H Security reports.

"The vulnerabilities addressed in the update include errors in the QDM2 decoder and 'vp3_dequant()' function that could be used to trigger a buffer overflow, as well as a problem in a number of functions that could lead to out-of-bounds reads," the article states.

Go to "FFmpeg updates fix security bugs" to read the details

http://www.esecurityplanet.com/open-source-securit...

--
mogs CClip 135
Member 29th Nov, 2011 20:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 136
Member 29th Nov, 2011 20:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 137
Member 29th Nov, 2011 20:47
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Ministry of Defence cyber chief urges UK to follow Estonian example
The UK needs to follow Estonia's example in order to improve user education and reduce the vast majority of cyber threats, giving government and industry an easier target for harm reduction, according to the head of the Ministry of Defence's Defence Cyber Operations Group.
Major General Jonathan Shaw argued at the Cyber Security 2011 conference on Tuesday that 'cyber war' is a misleading term.
"I dislike the words 'war' and 'cyber' because both imply it's something specialised and technical; other people's problems. This is absolutely wrong," he said.
"My observation is that activity in cyber space breaks down and crosses all barriers [and] distinctions between war and peace and civilians and personnel. We are all under attack all the time."
Shaw explained that the UK needs to move from a country in "pre-attack mode" to emulate Estonia, which is "an interesting example of a country in post-attack mode".
He likened the time lag that exists in the UK between the population appreciating there is a risk in cyber space and doing something about it, to a similar lag in the 1980s when the risks of contracting Aids were clearly publicised but large numbers still practised unsafe sex.

More at :-
http://www.v3.co.uk/v3-uk/news/2128527/ministry-de...

--
mogs CClip 138
Member 30th Nov, 2011 09:09
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 139
Member 30th Nov, 2011 09:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 140
Member 30th Nov, 2011 09:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Hackers launch millions of Java exploits, says Microsoft
Cryin' shame: 60% of Windows PCs lack 18-month-old Java update, adds expert

By Gregg Keizer
November 29, 2011 02:41 PM ET
Computerworld - Hackers continue to launch attacks exploiting vulnerabilities in Oracle's Java software in record numbers, Microsoft said Monday.

Citing research from a recent report, Tim Rains, a director in the company's Trustworthy Computing group, said that up to half of all attacks detected and blocked by Microsoft's security software over a 12-month period were Java exploits.

Altogether, Microsoft stopped more than 27 million Java exploits from mid-2010 through mid-2011.

Most of those exploits targeted long-ago-patched vulnerabilities, said Rains.

The most commonly-blocked Java attacks -- to the tune of over 2.5 million of them -- in the first half of 2011 exploited a bug disclosed in March 2010 and patched by Oracle the same month. Second on the popularity chart for the full 12-month stretch was an exploit of a bug patched in early December 2008, nearly three years ago.

Read more at :-
http://www.computerworld.com/s/article/9222244/Hac...

--
mogs CClip 141
Member 30th Nov, 2011 17:20
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft outs cross domain sharing in Internet Explorer 10 preview

Makes it easier for users to share files
By Lawrence Latif
Wed Nov 30 2011, 14:00
SOFTWARE REDEVELOPER Microsoft has released an updated Internet Explorer 10 (IE10) preview supporting what it calls cross origin resource sharing (CORS).
Microsoft's IE10 is set to be released with the firm's upcoming Windows 8 operating system and the company has been banging on about the browser's support for and performance of HTML5. In the latest IE10 preview, the firm has shown off CORS, allowing users to share data from multiple applications through HTML and XML.
Microsoft also revealed CSS user-select, Javascript typed arrays and File API Writer support. The firm was also keen to show that IE10's rendering outperformed that of Google's Chrome web browser. However, unlike Chrome or Mozilla's Firefox, the IE10 preview is only available on Windows 8.

More at :-
http://www.theinquirer.net/inquirer/news/2128993/m...

--
mogs CClip 142
Member 30th Nov, 2011 19:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Judge orders Google, Facebook to remove fake sites

A US Judge has ordered Google, Yahoo, Twitter and Facebook, among others, to delist domain names linked to websites selling counterfeit goods.

It represents a significant step in the ongoing battle against the sale of fake items online.

The case was brought by luxury goods maker Chanel against 600 sites which it had identified as trading in counterfeits.

Many experts were surprised at the scope of the Nevada judge's ruling.

US firm GoDaddy, which manages around 45 million domain names, has been given control of the web addresses of the 600 firms. It has been told to ensure that none of the sites can be accessed.
More at :-
http://www.bbc.co.uk/news/technology-15959882

--
mogs CClip 143
Member 30th Nov, 2011 20:57
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 1st Dec, 2011 19:44


--

This thread has been marked as locked.