
Forum Thread: Daily CYBERCLIPS December

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS December
Expert Contributor 1st Dec, 2011 19:41
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK

Fifteenth Edition.
Thank you for the support thro' the last month. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security is the mainstay of the thread with some related and varied topics.
Scroll down for the latest posts !!
Note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals..
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Expert Contributor 1st Dec, 2011 19:50
Duqu hackers scrub evidence from command servers, shut down spying op
Delete all files and logs just days after researchers revealed botnet's existence

By Gregg Keizer

Computerworld - The hackers behind the Duqu botnet have shut down their snooping operation, a security researcher said today.

The 12 known command-and-control (C&C) servers for Duqu were scrubbed of all files on Oct. 20, 2011, according to Moscow-based Kaspersky Lab.

That was just two days after rival antivirus firm Symantec went public with its analysis of Duqu, a Trojan horse-based botnet that many security experts believe shared common code and characteristics with Stuxnet, the super-sophisticated worm that last year sabotaged Iran's nuclear program.

More to read at :-
http://www.computerworld.com/s/article/9222293/Duq...

--
mogs CClip 2
Expert Contributor 1st Dec, 2011 19:53
Finding Attack Patterns at the Digital Crime Scene

Using scientific methods, Symantec researchers aim to profile the IT threat landscape.

By Sean Michael Kerner

In the physical world of criminal investigation, police investigators aim to build a profile of the criminal in an effort to help catch the guilty party. The same basic idea is now being applied in the cyber world.

Symantec Labs has been working on a number of different research efforts under the project names WOMBAT (Worldwide Observatory of Malicious Behaviors and Attack Threats) and VIS-SENSE to try and help profile and detect online criminal activity. Marc Dacier, senior director at Symantec told InternetNews.com that the WOMBAT project was a joint project funded by the European Union that led to some practical use at Symantec.

"The idea behind WOMBAT was to evaluate from a rigorous scientific point of view what is going on in the online threat landscape," Dacier said.

More to read at :-
http://www.esecurityplanet.com/network-security/fi...

--
mogs CClip 3
Expert Contributor 1st Dec, 2011 19:58
Lessons from the 'water plant hack' that never happened
FBI found no evidence of a cyber intrusion at an Illinois utility, but questions remain -- along with lessons for preventing future attacks

By Robert Lemos | InfoWorld
Two weeks ago, the Internet was abuzz with news of a network intrusion into a utility's operation and control system that caused months of glitches and the eventual failure of a water pump. Details of the alleged intrusion came from a leaked alert issued earlier in November by Illinois's fusion center, the Illinois Statewide Terrorism and Intelligence Center that is supported by the U.S. Department of Homeland Security. The alert suggested that an intrusion from a Russian Internet address was to blame.

While many media reports touted the attack as potentially the first known intrusion to damage critical infrastructure, the DHS soon refuted details of the initial alert, following an investigation by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

"After detailed analysis of all available data, ICS-CERT and the FBI found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois," stated a statement (PDF) issued last week.

More at :-
http://www.infoworld.com/t/network-security/lesson...

--
mogs CClip 4
Expert Contributor 1st Dec, 2011 20:02
Apple loads Carrier IQ's trackerware onto IOS devices

But refrains from keylogging
By Lawrence Latif
Thu Dec 01 2011, 13:49
FLOGGER OF SHINY TOYS Apple has been fingered for loading Carrier IQ's tracking software on Iphones through IOS.
Last week Carrier IQ, a mobile analytics firm, was at the centre of a privacy storm as a security researcher claimed that many smartphones run its tracking and debugging software. Initially Google's Android was identified but now it seems that Apple has been including Carrier IQ's software in several versions of IOS, including the latest IOS 5.
Although Apple ships Carrier IQ's software, the researchers claim it is relatively easy to turn off from the Settings menu in IOS. However it is interesting to see that Apple has engineered the software to run from a number of different daemons.
Carrier IQ said its software does not log keystrokes, though that has been called into question after researchers claimed to have proof that the firm's software can log keystrokes and does so in some installations. In the case of Apple's IOS, the version of Carrier IQ's software doesn't seem to log keystrokes, but it still can send back information on the device's phone number, mobile operator and location.

More at :-
http://www.theinquirer.net/inquirer/news/2129353/a...

--
mogs CClip 5
Expert Contributor 1st Dec, 2011 20:10
Medical data breaches soar, according to study
By George V. Hulme

Security breaches among healthcare organizations are soaring. That's the conclusion of the Second Annual Benchmark Study on Patient Privacy and Data Security conducted by the Ponemon Institute and sponsored by ID Experts.

A total of 72 healthcare organizations were surveyed, and, on average, the cost of data breaches to these organizations rose $183,526 to $2,243,700 from 2010. The absolute number of breaches is also increasing: up 32 percent year over year, with 96 percent of those providers surveyed reporting at least one data breach in the past 24 months.

More at :-
http://www.pcadvisor.co.uk/news/security/3322306/m...

--
mogs CClip 6
Expert Contributor 1st Dec, 2011 20:15
Last edited on 1st Dec, 2011 20:16
Crack GCHQ's code and become the next James Bond

Signals snoopers' challenge to wannabe spooks

By John Leyden

Posted in Developer, 1st December 2011 11:23 GMT

GCHQ has launched a code-breaker challenge as part of its attempts to unearth fresh talent from unconventional sources.

The signals intelligence agency's ‘canyoucrackit’ challenge invites would-be codebreakers to crack a visual code at canyoucrackit.co.uk. The campaign will be supported in social media channels, including blogs and forums.

GCHQ traditionally recruits graduates but it is also keen to employ talented self-taught codebreakers and those with an interest in ethical hacking too, an audience traditional recruitment schemes and advertising campaigns might miss. The agency has no interest in recruiting anyone who has even dabbled in criminal hacking.

Read more at :-
http://www.theregister.co.uk/2011/12/01/canyoucrac...

--
mogs CClip 7
Expert Contributor 1st Dec, 2011 20:22
NOD32 and Kaspersky Websites Hacked

Again we are presented with a situation that shows how even companies that should keep us protected are vulnerable to the attacks launched by cybercriminals. This time, NOD32’s website in Ukraine and Kaspersky’s Costa Rican site were defaced.

Kaspersky was hacked by Algerian hackers Over-X, indoushka and Saousha and according to Cyberwarnews, this is not the first time they fail to properly secure their site. The attackers don’t state their reasons for taking down the page, but it’s most likely one of the situations where they want to show how weak its security is.

At the time of writing, Kaspersky’s website (kaspersky.co.cr) is still down, proudly displaying the image placed by the hackers.

On the other hand, NOD32 in Ukraine (nod32.in.ua) acted quickly on restoring their services after being attacked by hackers known as KhantastiC haX0r and Shadow008.

“HellO NoD32. Where is Security ?! Are U Hacked ? Yesh ! U have been Hacked Once Again :D !!! Everyday Someone Get Hacked Today is your Day. Impossible only means it has not been done...” state the hackers on the defaced page.

The ones responsible for taking down the NOD32 site kept themselves busy over the past few days, making a lot of victims, mostly from India and Bangladesh.
More at :-
http://news.softpedia.com/news/NOD32-and-Kaspersky...

--
mogs CClip 8
Expert Contributor 1st Dec, 2011 22:13
Q I bought an HP Compaq Presario 3120 desktop PC just over a year ago. It came pre-installed with Windows 7 Home.
I’ve had no reason to look at the Bios setup but, when I recently tried to access it, I found that using the Delete or F2 key immediately on startup doesn’t work – Windows simply carries on regardless. I have also tried all the other function (F) keys, with no effect.
I’ve also noticed that if Windows crashes and I have to restart, I cannot select options from the displayed ‘Boot menu’. The timer just counts down ignoring my mouse or key presses and eventually restarts normally.
I’m getting frustrated, as there are now a few things I want via Windows Safe Mode, too. I found all this out just a few days after my warranty ran out.
Peter Wright


Read the answer at: http://www.computeractive.co.uk/ca/pc-help/2116012...


--
mogs CClip 9
Expert Contributor 2nd Dec, 2011 08:17
Chrome Beta Channel Update
Thursday, December 1, 2011 | 17:54
Labels: Beta updates
The Beta channel has been updated to 16.0.912.59 for Windows, Mac, Linux, and Chrome Frame.

For an overview of key features in this release check out the Google Chrome Blog. You can also take a look at the changelog to see what happened in this release since .41.

Interested in switching to the Beta or Stable channels? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

--
mogs CClip 10
Expert Contributor 2nd Dec, 2011 08:22
FBI: Three US Cities Breached via SCADA Systems

Speaking on behalf of the FBI at the Flemings Cyber Security conference, the deputy assistant director of the Bureau’s Cyber Division admitted that the infrastructures of three cities were illegally accessed by hackers who made use of vulnerabilities in supervisory control and data acquisitions (SCADA) systems.


Michael Welch didn’t name the cities, but he claims that in theory the hackers could have caused havoc as they had the chance to shut off the power to a mall and even dump sewage water into a lake, Information Age reports.

“We just had a circumstance where we had three cities, one of them a major city within the US, where you had several hackers that had made their way into SCADA systems within the city,” Welch revealed.

He believes that the attacks were a way for the cybercriminal to tease city officials and law enforcement by showing them how weak their infrastructures actually are.

More at :
http://news.softpedia.com/news/FBI-Three-US-Cities...

--
mogs CClip 11
Expert Contributor 2nd Dec, 2011 08:26
Does your smartphone run Carrier IQ? Find out here

Apple, AT&T, Sprint confirm; Nokia, RIM, Verizon deny
By Dan Goodin in San Francisco

Posted in Security, 1st December 2011 22:56 GMT

The roster of confirmed smartphone manufacturers and network providers using the controversial Carrier IQ tracking software has grown to include Apple, AT&T, Sprint, HTC, and Samsung. Verizon, Nokia, and Research in Motion, meanwhile, have denied reports saying they employ it.

In a statement that was widely reported on Thursday, Apple confirmed that some undisclosed products use the software, which an independent researcher has documented secretly monitors users' key presses even when they're entered into webpages protected by the SSL protocol.

Apple didn't say which devices still use the diagnostic software or how long the company has relied on it. But according to a report published on Thursday by Ars Technica, the only iOS 5 device that runs Carrier IQ is the iPhone 4. "Other devices running iOS 5, such as the iPad, the new iPhone 4S, and older iPhone models updated to iOS 5 have had Carrier IQ stripped out," the report said, citing Apple.

Read more at :-
http://www.theregister.co.uk/2011/12/01/apple_spri...

--
mogs CClip 12
Expert Contributor 2nd Dec, 2011 08:47
Government opens up more data for free

The government is to release a comprehensive set of public weather data

Experts have welcomed the UK government's decision to open up a range of data relating to healthcare, travel, house prices and weather forecasting.

The plan was announced in Chancellor George Osborne's Autumn Statement.

The government also said it would provide £10m to fund an Open Data Institute - to be headed up by web inventor Sir Tim Berners-Lee.

Releasing such data will bring its own challenges, think some.

"It is good news because it shows that people at the top of government realise the economic potential of open data, but there are lots of practical issues to sort out," said Mike Cross, journalist and founder of the Free Our Data campaign.

More at :-
http://www.bbc.co.uk/news/technology-15966688

--
mogs CClip 13
Expert Contributor 2nd Dec, 2011 10:23
Adobe Patches Flex Security Vulnerability

The company has released an update to patch a flaw that could enable cross-site scripting attacks.

December 01,
Adobe has released a patch for a flaw in the Flex SDK that could enable cross-site scripting attacks.

"Adobe is recommending that Flex users update their vulnerable versions of the framework as soon as possible and then go through the process of determining whether any apps built with those Flex releases are vulnerable," writes Threatpost's Dennis Fisher.

"The company has produced a technical note that explains how to check whether apps built with Flex include vulnerable SWF files," Fisher writes. "Once a user has determined that an app is vulnerable she has two options: repair the app or patch Flex and then rebuild the app."

Go to "Adobe Fixes Flaw in Flex SDK Framework" to read the details.

http://www.esecurityplanet.com/patches/adobe-patch...

--
mogs CClip 14
Expert Contributor 2nd Dec, 2011 22:45
Last edited on 2nd Dec, 2011 22:47
Skype flaw reveals users' location, file-downloading habits
A team of researchers has uncovered an issue that threatens Skype users' privacy by putting their location and identity up for grabs

By Joan Goodchild | CSO


Researchers have found a flaw in Skype, the popular Voice-over-Internet-Protocol service which allows users to make video phone calls and internet chat with their computers. The vulnerability can expose your location, identity and the content you're downloading. Microsoft, which owns Skype, says they are working on the problem.

The issue was uncovered earlier this year by a team of researchers from Polytechnic Institute of New York University (NYU-Poly), MPI-SWS in Germany and INRIA in France and included Keith Ross, Stevens Le Blond, Chao Zhang, Arnaud Legout, and Walid Dabbous. The team presented the research in Berlin recently at the Internet Measurement Conference 2011 in a paper titled "I know where you are and what you are sharing."

The researchers found several properties of Skype that can track not only users' locations over time, but also their peer-to-peer (P2P) file-sharing activity, according to a summary of the findings on the NYU-Poly web site. Earlier this year, a German researcher found a cross-site scripting flaw in Skype that could allow someone to change an account password without the user's consent.

"Even when a user blocks callers or connects from behind a Network Address Translation (NAT) -- a common type of firewall -- it does not prevent the privacy risk," according to a release from NYU-Poly.

More at :-
http://www.infoworld.com/d/security/skype-flaw-rev...

--
mogs CClip 15
Expert Contributor 2nd Dec, 2011 22:50
Yahoo Messenger flaw enables spamming through other people's status messages
The unpatched vulnerability in Yahoo Messenger allows attackers to change other people's status messages automatically

By Lucian Constantin | IDG News Service


An unpatched Yahoo Messenger vulnerability that allows attackers to change people's status messages and possibly perform other unauthorized actions can be exploited to spam malicious links to a large number of users.

The vulnerability was discovered in the wild by security researchers from antivirus vendor BitDefender while investigating a customer's report about unusual Yahoo Messenger behavior.

The flaw appears to be located in the application's file transfer API (application programming interface) and allows attackers to send malformed requests that result in the execution of commands without any interaction from victims.

"An attacker can write a script in less than 50 lines of code to malform the message sent via the YIM protocol to the attacker," said Bogdan Botezatu, an e-threats analysis & communication specialist at BitDefender.

"Status changing appears to be only one of the things the attacker can abuse. We're currently investigating what other things they may achieve," he added.

More at :-
http://www.infoworld.com/d/security/yahoo-messenge...

--
mogs CClip 16
Expert Contributor 2nd Dec, 2011 22:54
Microsoft's Internet Explorer 9 finally overtakes Chrome and Firefox on Windows 7

Thanks to Windows Update
By Lawrence Latif
Fri Dec 02 2011, 15:29
SOFTWARE REDEVELOPER Microsoft's Internet Explorer 9 (IE9) web browser has finally overtaken Mozilla's Firefox and Google's Chrome on Windows 7, Microsoft claims.
Microsoft's Internet Explorer 9 was the firm's first web browser in years that actually had something going for it, and is widely acknowledged as having improved standards compliance and performance. However even with a persuasive brand, only now has IE9 overtaken its open source rivals Firefox and Chrome on Windows 7.
Citing Net Applications' figures, Microsoft said its latest web browser has just edged above Google Chrome to take top spot among what Microsoft terms 'modern browsers' on Windows 7. While Internet Explorer 9 has surpassed its contemporary rivals, Microsoft concedes that Internet Explorer 8 is still the most popular web browser among Windows 7 users.

More at :-
http://www.theinquirer.net/inquirer/news/2129802/m...

--
mogs CClip 17
Expert Contributor 2nd Dec, 2011 22:56
Chrome overtakes Firefox in the web browser race

And next up, Internet Explorer
By Chris Martin
Fri Dec 02 2011, 12:46
BEANCOUNTERS at Statcounter have revealed that Google's Chrome web browser has leap-frogged Mozilla's Firefox in global market share.
The latest figures from the firm show that Chrome has taken a slightly higher percentage of market share to take second place behind Microsoft's Internet Explorer. Globally, Chrome now has 25.69 per cent usage compared to Firefox at 25.23 per cent, according to Statcounter.
Aodhan Cullen, CEO of Statcounter said, "We can look forward to a fascinating battle between Microsoft and Google as the pace of growth of Chrome suggests that it will become a real rival to Internet Explorer globally."
"Our stats measure actual browser usage, not downloads, so while Chrome has been highly effective in ensuring downloads our stats show that people are actually using it to access the web also."

http://www.theinquirer.net/inquirer/news/2129700/c...

--
mogs CClip 18
Expert Contributor 2nd Dec, 2011 23:04
‘Verified by Visa’ Presents Major Security Flaw

Trend Micro researchers discovered that the technology behind the Verified by Visa trademark is much more unsecure than anyone would believe and not a coding error is to blame, instead it’s a design flaw that could be taken advantage of by cyber and non-cyber criminals.

The 3 Domain Secure (3DS) security protocol introduced by Visa in 2001 was developed to prevent credit card fraud and while its purpose is highly noble, in practice it’s not so efficient.

The way the protocol works is pretty simple. When we make an online transaction that’s protected by Visa, we are redirected to a verification page that requires confirmation of some details and a password. Since the merchant doesn’t come in contact with our details at any point in the process, theoretically, the transaction should be secure.

In theory it sounds good, but the problem emerges due to the password reset feature that’s offered by Visa.

When the customer accesses the reset password function, he is presented with a form that requires some details of the cardholder to prevent fraud, but the problem is that all the data can be found on the physical credit card.

Signature panel code, expiry date, cardholder name and birth date is requested from the customer in order to complete the reset process. All the details except for the birth date are printed on the card, but also, these are the details first obtained by any cybercriminal in operations that target credit cards.

Researchers propose that this verification method should be at least updated to encapsulate a secret question, a one-time password reset URL should be sent to the user’s email, and the entire procedure should result in a notification

Worryingly, the 3DS security protocol is not only used by Visa. Websites that display MasterCard Secure Code, J/Secure (JCB International) and SafeKey (American Express) basically implement the same technology.

More at :-
http://news.softpedia.com/news/Verified-by-Visa-Pr...

--
mogs CClip 19
Expert Contributor 3rd Dec, 2011 18:08
Malware writers launch 'Electronic Payment' malware attack

A newly-discovered malware attack is targeting users with the promise of an electronic money transfer to lure victims.
Researchers with Solera Networks have reported that the attack uses web-based exploits to perform a 'drive-by' malware download. Additionally, the attackers make use of Google's goo.gl link-shortening service to hide the location of the attack site.
The attacks claim to originate from the "Electronic Payments Association" and notify users of a failed direct deposit attempt. When users click on the link included with the message they are redirected to a site which attempts to perform a number of exploits including attacks on vulnerabilities in Flash and Java.
Andrew Brandt, director of threat research for Solera Networks Labs told V3 that the attacks are part of a much larger trend of cyber criminals targeting browser plug-ins and third party components.
"I am seeing non-stop examples of this every day now and it is becoming a really big deal," Brandt said.
"Even with an older browser you can be relatively safe if you update things like Flash, Adobe Reader and Java."
The attacks also highlight the migration of malware writers to third-party link-shortening services. Other malware and spam operations have made similar use of link-shortening tools to insulate targets from the actual attack site.

For Brandt, the attacks show just how varied cyber criminals have become in their methods for attacking users with malware.
"They are switching gears from sending the malware as an attachment to drive-by downloads," he said.
"Next week it will be different, but I keep seeing these attacks over and over again."

http://www.v3.co.uk/v3-uk/news/2129904/malware-wri...




--
mogs CClip 20
Expert Contributor 3rd Dec, 2011 18:12
ITU-IMPACT drill tests international cyber defences
by Shaun Nichols

03 Dec 2011
The United Nations International Telecommunications Unit (ITU) has launched a security exercise aimed at simulating an online attack against four countries in Southeast Asia.
The agency said its one-day exercise is designed to test the readiness of computer emergency response team (CERT) organisations in Vietnam, Cambodia, Laos and Myanmar. Among the situations simulated in the drill were web site defacements, malware infections and massive spam attacks.

The ITU said the drill was part of its International Multilateral Partnership Against Cyber Threats (IMPACT) project. The aim of the operation was to test the ability of underdeveloped and developing nations to handle cyber attack scenarios.

More at :-
http://www.v3.co.uk/v3-uk/news/2129903/itu-impact-...

--
mogs CClip 21
Expert Contributor 3rd Dec, 2011 18:29
Spending on security companies booming, PwC finds
Everyone wants a piece of the industry
By John E Dunn | Techworld | 03 December 11

The $60 billion global computer security industry has become a hot sector for a range of investors, including mainstream IT companies, aerospace, defence giants and private equity, a PricewaterhouseCoopers (PwC) analysis has reported.

With the exception of the recessionary year of 2009, the last three years has seen an M&A mini-boom with spending on security companies rising every year to reach record heights in 2011, which has already recorded $10.1 billion of deals.

This figure was exaggerated by the huge $7.8 billion Intel paid for McAfee in February, but there have been other notable deals in the current year including the $612 million Dell paid for SecureWorks, and Raytheon's $490 buy of Applied Signal Technology.

The rationale for buying security companies varies from sector to sector. Defence contractors want to diversify as military spending is constrained by financial deficits in many NATO countries, while rival tech companies simply see security as a lucrative element to add to their portfolios.

More at :-
http://www.pcadvisor.co.uk/news/security/3322674/s...

--
mogs CClip 22
Expert Contributor 3rd Dec, 2011 18:33
The safe way to remove a USB key
It is not always clear that a file has finished copying over to a USB key. Mr Waters describes how to do it without using the Safe Removal icon

To improve performance Windows will often delay copying files to a USB key until the computer is sitting idle. This is why you should always use the Safely Remove Hardware icon in the Notification Area to make sure there is nothing outstanding otherwise files could be lost or corrupted.
To minimise risk at the cost of some performance this pause can be disabled. Click on the Start button and then My Computer. Right-click on a USB memory key and left-click on Properties. Click on the Hardware tab and then on the USB memory key.
They are not always clearly identified so it is best to make this change with only one key connected. Click on Properties and then the Policies tab. Select the top option ‘Optimize for quick removal’ and click on OK. This setting is linked to individual USB keys.
It is still a good idea to use the Safely remove hardware icon just in case the drive is working without you being aware of it.
Stuart Waters


Read more: http://www.computeractive.co.uk/ca/pc-help/2118807...

--
mogs CClip 23
Expert Contributor 3rd Dec, 2011 18:39
Last edited on 3rd Dec, 2011 18:40
Generic web addresses to expand
In 2012 the number of generic top-level domain names will be increased so that almost any word can be used as the final part of an internet address.
A domain name is the technical term for the final part of an internet address: for instance, Computeractive’s domain name is computeractive.co.uk, while Microsoft owns the domains microsoft.com, microsoft.co.uk and more.
The final part of the domain name is known as the top-level domain, or TLD, which is split into several types.
There are country-specific TLDs such as .uk, under which domain names related to this country can operate (these are then split into other TLDs such as .co.uk for companies, .gov.uk for official domains and so on).
Then there are so-called ‘generic’ TLDs or GTLDs, the most popular of which is .com for commercial sites – others include .name for individuals’ sites, .aero for airlines and .xxx for pornographic sites.
Some people in the internet industry feel that these domains aren’t enough, and there should be more, so from next year things are going to change radically


Read more: http://www.computeractive.co.uk/ca/news/2115216/ge...

--
mogs CClip 24
Expert Contributor 5th Dec, 2011 19:35

Browsing history can be stolen despite current defenses, expert demonstrates
Security expert demonstrates reliable way of stealing browsing history using cache timings
By Lucian Constantin | 05 December 11

Stealing browsing history is still possible despite defenses currently implemented in browsers, according to Google security engineer and vulnerability researcher Michal Zalewski.
History theft is a type of attack that can expose what websites users have visited in the past by determining how their browsers display links to them. By default, all browsers display previously visited links differently than non-visited links, due to definitions in their internal Cascading Style Sheets (CSS).

CSS-based history theft not only violates the privacy of the victims, but can actually assist hackers in performing other, more serious, attacks. For example, a phisher could use this method to determine what banking websites victims have visited and then pose as those institutions.

"In the past few years, browser vendors have severely crippled CSS :visited selectors in order to prevent CSS-based history snooping that made the headlines not long ago," Zalewski said in a blog post. However, other methods of extracting browsing history information without relying on CSS exist.

One such technique is to calculate how fast certain websites are rendered by the user's browser and use the results to determine if they were loaded from the cache. In order to be in the browser's cache, a page needs to have been visited at some point.

While possible in theory, cache timing attacks were considered impractical because they were slow, visible to the victim, and impossible to execute more than once. However, that's no longer the case, according to Zalewski, who devised a proof-of-concept, cache-based history stealing attack that overcomes most of those limitations.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3322893/b...

--
mogs CClip 25
Expert Contributor 5th Dec, 2011 19:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Lookout releases free Carrier IQ detection app
Sniffs out controversial software on Android smartphones, but doesn't delete it
By Gregg Keizer | Computerworld US | 05 December 11

A mobile security software company last Friday released a tool that detects Carrier IQ, the software embedded in numerous smartphones that has raised questions from users, privacy advocates and even Congress.

Lookout, best known for the Android security software by the same name, launched the free Carrier IQ Detector last week. It can be downloaded from the Android Market.

The tool only detects the presence of Carrier IQ on Android handsets: It does not scrub the software from the smartphone.

More at :-
http://www.pcadvisor.co.uk/news/mobile-phone/33228...

--
mogs CClip 26
Expert Contributor 6th Dec, 2011 06:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Amazon Expiration Emails Lead to Phishing
Emails that alert recipients their Amazon online accounts are about to be deactivated turn out to be part of a cleverly designed phishing campaign that targets users with the purpose of stealing their credentials.

The message provided by Graham Cluley reads:

Dear customer,
Your online account is about to expire and will be deactivated.
Please confirm wether you want to continue using Amazon or not.
If the answer is yes, download and complete the attached form.
If the answer is no, please ignore this e-mail.
Best wishes,
Amazon Team
Note - Do not reply to this e-mail.

The message comes with an HTML attachment that represents a form which requires the user to provide loads of sensitive information that will allow a hacker to steal his account.

Sophos detected the attached file as Troj/Phish-AZ which means that a good antivirus solution can keep you safe in case you might believe the warning to be true.

I will take this opportunity to remind you how to avoid phishing campaigns and how to identify malicious emails.

Read more at :-
http://news.softpedia.com/news/Amazon-Expiration-E...

--
mogs CClip 27
Expert Contributor 6th Dec, 2011 21:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
By Eduard Kovacs
Hacker Takes Down Linux, Google, Gmail, Youtube, Yahoo, Apple, Microsoft and Hotmail in Congo

By making use of a technique called DNS poisoning, a cyberattacker managed to take down the websites of Samsung, Google, Gmail, YouTube, Yahoo, Apple, Linux, Microsoft and Hotmail hosted on the .cd domain extension which belongs to the Democratic Republic of Congo.

The hacker who calls himself AlpHaNiX managed to deface all the locations by inserting fake records into the cache of DNS servers, reports Security Web-Center. By doing this, the attacker can make sure that he can alter the responses to a DNS query, forcing the Internet users to a fake website instead of a real one.

Even though DNS cache poisoning is a method favored by many hackers thanks to its efficiency, it's not easy to execute, in most cases the Domain Name System servers being provided by Internet service providers (ISPs) and organizations.

Judging by the messages left on the defaced websites, the hacker didn’t have anything “personal” with them, he just wanted to show his powers. Also, since the sites proudly display a Tunisian flag along with the message “Tunisia Rullz,” we can only assume that the hacker originates from Tunisia.

At the time of writing, Gmail.cd, Google.cd, Linux.cd, Samsung.cd, Hotmail.cd and Apple.cd are still defaced, while Youtube.cd was taken down altogether.

When trying to access Microsoft or Yahoo!, I am automatically redirected to .com domains, which means that steps are already taken to resolve the issue.

A few days ago we witnessed how websites belonging to NOD32 and Kaspersky were breached and defaced by hackers. At the time it turned out that Kaspersky’s site wasn’t actually legitimate, instead it was being set up by typosquatters who relied on the misspelled names of a site to lure users to their malicious locations.

http://news.softpedia.com/news/Hacker-Takes-Down-G...

--
mogs CClip 28
Expert Contributor 6th Dec, 2011 21:37
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
By Eduard Kovacs
CNET Accused of Serving Software Bundled with Trojans

One of the developers of a network exploration and security auditing tool called Nmap is accusing CNET of bundling free software with Trojans and shady toolbars, and serving them on their Download.com website.

Gordon Lyon, also known as Fyodor, claims he discovered that Nmap and other free applications such as VLC are downloaded with pieces of malware attached and, according to the VirusTotal submission, 10 out of 39 vendors detect the Nmap installer as containing a Trojan.

“They even provide the correct file size for our official installer. But users actually get a Cnet-created trojan installer. That program does the dirty work before downloading and executing Nmap's real installer,” Fyodor said.

He’s also upset with the fact that CNET utilizes their Nmap trademark as if they were involved in the fact that the tool is not actually clean.

“In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap's copyright,” he adds.

He states that in many cases users will not look at what they’re downloading or installing and they’ll just end up with a changed homepage, an extra toolbar and maybe even a malicious element.

His biggest fear is that Nmap users will believe that all these extras actually come from the developers, thus ruining their reputation.

“We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity!”

CNET offered them the opportunity to opt out of the Download.com Installer, but Fyodor says he’s not going to stop here. He is now in search of a copyright attorney as he’s sure his rights have been violated.

At the time of writing, the Nmap installer on download.com seems to be clean so maybe the company already acted on the warnings received from the devs.

http://news.softpedia.com/news/CNET-Accused-of-Ser...

--
mogs CClip 29
Expert Contributor 6th Dec, 2011 21:42
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google struggling to meet cookie law requirements
by Dan Worth

Google has admitted that it is struggling to create a system of processes that will allow the firm to abide by new cookie laws owing to the sheer number of its products that are affected by the rules.
The cookie law is an amendment to the ePrivacy Directive which came into force on 26 May, and requires web site owners using cookies to achieve explicit consent from visitors to install and run cookies on their systems.

Anthony House, public policy manager at Google, said the company's work on compliance is "in progress" but is taking longer than the firm had hoped.
"One of the things that has made us move more slowly than we would like is that we have to cover it from all the angles," he said at an event to discuss the issue hosted by law firm Field Fisher Waterhouse and attended by V3.

More at :-
http://www.v3.co.uk/v3-uk/news/2130520/google-stru...

--
mogs CClip 30
Expert Contributor 6th Dec, 2011 21:48
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Cyber-thieves using DDoS to distract banks and victims from spotting fraud
Fraudsters launch DDoS attacks against banks after they steal money from their customers

By Lucian Constantin | IDG News Service

Cyber-thieves are using DDoS (distributed denial-of-service) attacks in order to distract banks from spotting and reversing fraudulent wire transfers initiated on behalf of their customers.

The FBI has recently issued an alert about fake emails that purport to come from the NACHA (National Automated Clearing House Association) and distribute a variant of the Zeus banking trojan.

According to the bureau, after infecting computers with this notorious piece of malware, the fraudsters steal online banking credentials and launch DDoS attacks against the financial institutions used by the victims.

The attacks serve as a diversion, said Neal Quinn, vice president of operations at DDoS mitigation provider Prolexic, in a phone interview. Cyber-thieves believe that this will distract the bank's personnel and prevent them from spotting the fraudulent activity, he explained.

DDoS attacks against financial institutions are not new and Prolexic has observed them for a long time, said Quinn. In the past such attacks were launched by phishers to add credibility to their claims that banks are having technical difficulties.

More at :-
http://www.infoworld.com/d/security/cyber-thieves-...

--
mogs CClip 31
Expert Contributor 7th Dec, 2011 10:06
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK


Chrome Dev Channel Update
Tuesday, December 6, 2011 | 15:45
Labels: Dev updates
The Dev channel has been updated to 17.0.963.0 for all platforms. This release has the following updates:

All Platforms
Updated V8 - 3.7.12.6
r113121 Omnibox suggestions will now be prerendered if our confidence of the user following the suggestion is high.
Support for <meta name="referrer">
Content Settings (in Options, Under the Hood) now has UI for “Mouse Cursor”, which controls the Mouse Lock API permissions.
r110556 Fixed a renderer crash that could happen when opening a new tab with many tabs open.
WebKit Issue 73056 - Small fix for BiDi selection.
WebKit Issue 63903 - Fixed WebKit's implementation of bdo, bdi, and output elements to match HTML5 spec section 10.3.5.
Windows
r111156 - Desktop shortcuts will be created for each user account, to launch Chrome with that account active.
Mac
The PDF viewer now renders nicer looking text.
r111426 - Plugins using the Core Animation rendering model are now rendered through Chrome’s compositor rather than directly to the screen. This should have no user visible side effects; please file bugs and cc: kbr@chromium.org if any unexpected issues are seen with plugin rendering on Mac.
Known Issues
Extension/App/Themes installs on Linux/ChromeOS are currently not working. This includes sync-driven installs. (Bug 106599)
Full details about what changes are in this release are available in the SVN revision log. Interested in switching to a different release channel? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 32
Expert Contributor 7th Dec, 2011 11:10
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Computerworld - Adobe today confirmed that an unpatched, or zero-day, vulnerability in Adobe Reader is being exploited by criminals.

Those attacks may have been aimed at defense contractors.

Adobe promised to patch the bug in the Windows edition of Reader and Acrobat 9 no later than the end of next week. Tuesday, Dec. 12 is also Microsoft's regularly-scheduled Patch Tuesday for the month.

The upcoming patch will be Adobe's sixth for Reader and Acrobat this year.

"A critical vulnerability has been [found] in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Unix, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh," Adobe said in an early-warning email. "This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system."

The company issued a security advisory with what information it was willing to share.

Read more at :-
http://www.computerworld.com/s/article/9222454/Hac...

--
mogs CClip 33
Expert Contributor 7th Dec, 2011 11:15
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Opera Update Patches Three Security Flaws

The vulnerabilities are fixed in version 11.60.

December 06, 2011
Version 11.60 of the Opera Web browser was recently released.

"Code-named 'Tunny,' the update addresses a vulnerability affecting some two- and three-letter top-level domains (TLD) that could allow cookies to be set for the TLD itself; these cookies could then be read by other sites using that TLD," The H Security reports.

"A problem related to a weakness in the SSL v3.0 and TLS 1.0 specifications which could be used for eavesdropping attacks against some applications, and a cross-domain information leakage problem in the JavaScript 'in' operator, have also been fixed," the article states.

Go to "Opera 11.60 fixes security bugs" to read the details.

http://www.esecurityplanet.com/browser-security/op...

--
mogs CClip 34
Expert Contributor 7th Dec, 2011 11:20
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Intel patches flaw that allows hardware-based security feature bypass
Patching the elevation of privilege vulnerability in the SINIT Authenticated Code Modules required considerable effort from Intel

By Lucian Constantin | IDG News Service

Intel underwent a complex patching process in order to fix a recently discovered flaw in the SINIT ACMs (Authenticated Code Modules) that allowed for the TXT (Trusted Execution Technology) implemented in its microprocessors and chipsets to be bypassed.

The elevation of privilege vulnerability was discovered by security firm Invisible Things Lab, whose researchers found a similar flaw in SINIT ACM two years ago. In fact, according to Joanna Rutkowska, the company's founder and CEO, the issue discovered in 2009 was a subset of this newly found vulnerability.

The researcher said that she was surprised to see Intel rate the severity of this flaw as important, while the 2009 one was rated as critical. "What is really interesting about the attack are the consequences of SINIT mode hijacking, which include ability to bypass Intel TXT, LCP, and also compromise system SMRAM [System Management RAM]," Rutkowska said in a blog post.

This vulnerability is significant because Intel's Trusted Execution Technology is a hardware extension to the company's microprocessors and chipsets that is meant to provide a protection mechanism against software-based attacks. TXT can be used by companies to control how information is stored, processed, and exchanged on their systems.

Read more at :-
http://www.infoworld.com/d/security/intel-patches-...

--
mogs CClip 35
Expert Contributor 7th Dec, 2011 11:26
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Yahoo Messenger Bug Lets Hackers Hijack Status Updates

Written by
Ravi Mandalia

07 December, 2011

Security researchers have come across an exploit in Yahoo Instant Messenger that has not been patched yet, which would allow a wave of malware to enter enterprise networks across the globe.

A researcher with BitDefender, a security firm, Bogdan Botezatu, wrote on the company's blog that the new patched version of the Yahoo Messenger has a vulnerability which lets a remote attacker change the status message on the victim's account.

Even though this type of attack seems harmless, according to the researcher the hacker can exploit this accessibility and encourage the friends and other online connections of the user to click on various malicious links, which will eventually infect their machines.

"The victim's status message [could be] swapped with an attention-getting text that points to a page hosting a zero-day exploit targeting the IE browser, the locally installed Java or Flash environments, or even a PDF bug", reads the Company blog, malwarecity.com.

Botezatu also commented that such accessibility to the status message is important and valuable for the hackers because online connections of the victim are most likely to check and also click on such links as compared to other malicious spam sent via email.

At present the users of Yahoo Messenger who can receive messages from people outside their contact list are exposed to this attack.



Read more: http://www.itproportal.com/2011/12/07/yahoo-messen...

--
mogs CClip 36
Expert Contributor 7th Dec, 2011 11:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Wireless Carrier Notification Carries ZeuS

Internet users are advised to treat emails that seem to be coming from mobile carriers, especially Verizon, with maximum suspicion since security experts noticed that they were actually set up to spread a malicious piece of malware.

A sample email provided by MMPC reads:

Hello Dear!
Your current bill for your account is now available online in My Verizon.
Total Balance Due: $0751.49
Keep in mind that payments and/or adjustments made to your account after your bill was generated will not be reflected in the amount shown above.
View all your recent bills in application materials.
Thank you for choosing Verizon Wireless.

The subject of this email that looks something like “Important Account Information from Verizon Wireless TRACK-ID: 70341011278” may vary and the amount of money mentioned in the alert as well, but they were all discovered to contain an attachment that actually represents the malicious PWS:Win32/Zbot.gen!Y, also known as the bank-account-stealing ZeuS.

A variant of the malicious message was also seen to target Adobe customers, promising them a “software critical update” and some new features that allow them to “collaborate across borders,” “create rich, polished PDF files” and “ensure visual fidelity.”

Users are advised to avoid such phony alerts, especially if they know they don’t have anything to do with the company whose name is involved.

As in many cases, a few simple hints can give away the true identity of such a malevolent campaign. First of all, no company will address a customer with “hello Dear.” Secondly, organizations will never send attachments, particularly not zip or executable files.


http://news.softpedia.com/news/Wireless-Carrier-No...

--
mogs CClip 37
Expert Contributor 7th Dec, 2011 11:39
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

December 6th, 2011, 12:05 GMT · By Eduard Kovacs
International Checkout Hacked, Customer Credit Cards Abused

International Checkout customers began receiving emails that alert them on the fact that the organization has recently fallen victim to a cyberattack which resulted in the theft of a large quantity of personal information, including credit card details.

“International Checkout was recently the victim of a system intruder who was able to access encrypted credit card information,” reads the email provided by SpywareSucks.

“You are receiving this email from International Checkout because your credit card information was in the database which was compromised.”

It seems that the breach was discovered sometime in mid-September and an investigation immediately commenced. Besides the fact that the authorities were notified of the issue, the credit card information from the databases was removed to make sure no one still had access.

Even though the information was encrypted, the attacker managed to obtain the encryption key that was stored in a separate location.

“As a precaution, International Checkout is providing notification to people whose information may have been in the database that was accessed so that if it turns out the information was compromised in any way, they can take the appropriate measures to protect themselves,” the notification adds.

The company is advising customers to closely monitor their bank account statements for any suspicious transactions. Bank account numbers were not exposed, but credit card numbers were and in some situations the financial institutions involved may even recommend the changing of the account number.

An important thing customers should know is that they will not be directly contacted by International Checkout, unless they call them first. They alert individuals on the fact that some might profit from the situation and call them pretending to represent the firm, requesting sensitive information.

“We will not call you to ask for bank account information or personal identification numbers (PINs) or for your full credit card or social security number.”

Unfortunately, a lot of companies are on International Checkout’s partner list so the number of potential victims is high and people are already starting to complain about abusive transactions made with their credit cards.

http://news.softpedia.com/news/International-Check...

--
mogs CClip 38
Expert Contributor 7th Dec, 2011 11:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
ICM Registry has begun accepting general registrations for the .xxx top level domain (TLD), allowing site owners and businesses to lay claim to the new adult-only addresses.
The domains went on sale officially at 16:00 GMT, and can be claimed through partnering registries or the buy.xxx portal.

The general availability follows the 'sunrise period' during which companies were allowed to claim addresses related to owned trademarks.
ICM Registry said that it has yet to compile detailed figures of the first day of domain availability, but demand for .xxx domains has been strong. The sunrise period was extended through late October following higher than expected interest.
Designed primarily for adult sites, .xxx seeks to create a clear and verified system for identifying and isolating adult content. All sites within the domain will be scanned with anti-malware tools from McAfee to guard against attack sites commonly associated with adult services.

More at :-
http://www.v3.co.uk/v3-uk/news/2130634/registratio...

--
mogs CClip 39
Expert Contributor 7th Dec, 2011 13:28
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft slates Windows 8 beta for late February 2012
Company's app store to launch simultaneously, free apps only

By Gregg Keizer
December 7, 2011 06:38 AM ET
Computerworld - Microsoft on Tuesday confirmed that it will release a public beta of Windows 8 in late February, 2012.

The company broke the news at a San Francisco developers event Tuesday, where Antoine Leblond, vice president of Windows Web services, touted Windows Store, the app market that will be the sole distribution channel for applications designed to run in Windows 8's new "Metro" interface.

Windows Store will open to the public at the same time Windows 8's beta ships, a Microsoft spokeswoman said.

While Microsoft has yet to talk about an official launch date for Windows 8, the beta's timing hints at a fall 2012 debut, assuming the company paces Windows 8's final development and testing as it did Windows 7's.

More at :-
http://www.computerworld.com/s/article/9222470/Mic...

--
mogs CClip 40
Expert Contributor 7th Dec, 2011 19:54
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Cross-site scripting flaws plague web apps, report says
Code-scanning vendor Veracode found nearly a third of Web applications had SQL injection flaws

By Jeremy Kirk
December 7, 2011 08:32 AM ET
IDG News Service - Cross-site scripting flaws are the most prevalent vulnerabilities found in Web applications, posing a risk to data and intellectual property, according to a study of thousands of applications by vendor Veracode.

Veracode, a company that specializes in finding vulnerabilities in code, analyzed more than 9,900 applications that were submitted to its cloud-based scanning service over the last 18 months.

For Web applications, 68% contained cross-site scripting flaws, Veracode found in its study. Cross-site scripting is an attack in which a script drawn from another website is allowed to run even though it shouldn't and it can be used to steal information or potentially cause other malicious code to run.

Veracode also found that 32% of Web applications contained a SQL injection problem, a type of issue where commands entered into Web-based forms are executed, potentially returning sensitive data.

Other prevalent flaws Veracode found were CRLF (Carriage Return Line Feed) injection issues, which can allow an attacker to control a Web application or steal information, the report said.

Veracode said it tightened its risk-evaluation methodology for its latest report and adopted a zero-tolerance policy for applications found to have a cross-site scripting or SQL injection flaw.

"The result of this new policy on application performance was drastic," the report said. "Over eight in 10 applications across all supplier types failed to pass when first tested."

More at :-
http://www.computerworld.com/s/article/9222474/Cro...

--
mogs CClip 41
Expert Contributor 7th Dec, 2011 19:59
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Lost USB Sticks Reveal Malware and Tons of Unencrypted Data
For the purpose of an experiment, Sophos researchers obtained 50 USB sticks lost by their former owners on the trains owned by Australian Rail Corporation New South Wales (RailCorp).

Researchers analyzed the data and the pieces of malware found on them just to see how many contained infections and how many of them contained malicious elements.

An interesting find is that, even though nine of the sticks appeared to belong to Macintosh owners and they contained no traces of Mac malware, seven of them were actually infected with Windows-targeting malware.

“In other words, if you're a Windows user, don't assume that you can automatically trust everything that comes from your Apple-loving friends. And even if you're one of those Mac users who is opposed to the concept of anti-virus software, consider softening your stance as a service to the community as a whole,” said Paul Ducklin, Sophos’ head of technology, Asia Pacific.

It turns out that 33 of the 50 devices were infected and in total, 62 malicious files were stored on them. Most were plagued with the infamous Mal/AutoInf-A and almost the same number was found to host Mal/Palevo-A. Mal/Inject-H, Mal/VB-AD, Mal/Generic-L and VBS/Joint-A were also present.

While they didn’t find any information indicating that any of the former owners were planning anything big, a lot of personal data popped up, even if they didn’t go as deep as “an unethical hacker” would.

More at :-
http://news.softpedia.com/news/Lost-USB-Sticks-Rev...

--
mogs CClip 42
Expert Contributor 8th Dec, 2011 21:56
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows Defender Offline Now Available in Beta

In an attempt to provide users with increased security options on their computers, Microsoft has rolled out the Windows Defender Offline beta software, which is nothing more than a version of the Windows anti-spyware feature.

The main difference, however, is the fact that users will have to download it in the form of an ISO file that should then be burned on a DVD or USB flash drive.

With this tool at hand, one will be able to eliminate from a PC even malicious software that kicks in before Windows starts, such as rootkits.

“This can happen when you connect to the Internet or install some programs from a CD, DVD, or other media,” Microsoft explains.

“Once on your PC, this software might run immediately, or it might run at unexpected times. Windows Defender Offline Beta can help remove such hard to find malicious and potentially unwanted programs using definitions that recognize threats.”

The company also explains that Windows Defender Offline Beta is capable of detecting malicious software on the PC, along with potentially unwanted software, provided that users will keep its definitions up to date.

Armed with definition files, Windows Defender Offline Beta can detect malicious and potentially unwanted software, and then notify you of the risks.

Here’s what those interested in using the new Windows Defender Offline Beta need to do:

Read more at :-
http://news.softpedia.com/news/Windows-Defender-Of...

--
mogs CClip 43
Expert Contributor 8th Dec, 2011 22:02
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Digital certificate authority suspends ops following breach

Hackers access database, gain control over website
By Dan Goodin in San Francisco

Posted in Enterprise Security, 8th December 2011 17:44 GMT
Websites belonging to a Netherlands-based issuer of digital certificates were unavailable following reports hackers penetrated their security and accessed databases that should have been off limits.

Dutch telecommunications giant KPN issued a statement (translation here) that said it temporarily shut the website of its Gemnet subsidiary while it investigated the hack. A second website belonging to a KPN subsidiary that issues digital certificates to the Dutch government was also taken down.

The breach, which was first reported by Webwereld journalist Brenno de Winter, is the latest to compromise one of the several hundred online businesses authorized to mint digital certificates millions of websites and government and corporate networks rely on to shield communications from eavesdroppers. In August, another Netherlands-based certificate authority also suspended operations after it issued a fraudulent secure sockets layer certificate for Google.

More at :-
http://www.theregister.co.uk/2011/12/08/certificat...

--
mogs CClip 44
Expert Contributor 10th Dec, 2011 18:44
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
- Released for Windows, Mac and Linux, stability and feature improvements
Google Chrome has updated the Dev channel to build 17.0.963.2 for all supported platforms Windows, Mac and Linux. This is also the branch for future beta and stable releases.

The effect is that this build of the browser adds no new features and the development team will focus on readying for beta and stable stages from now on.

One of the most important improvements touches on the background mode manager. The problem with the component was that it would not display the name of the profile in the status icon.

The applied fix now makes it show the correct name from the profile info cache. By doing this, any changes in the profile info cache ensure that the correct details are displayed at all times.

http://news.softpedia.com/news/Google-Chrome-Dev-F...

--
mogs CClip 45
Expert Contributor 10th Dec, 2011 18:47
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft Silverlight 5 Now Available for Download

The gold version of Silverlight 5 was just made available for download, after being expected to make an official appearance in November.

Microsoft has just announced that the plug-in was released to manufacturers. The software is available for download on the web as well.

Released on December 9th, the new Silverlight 5 is available as a free download that weighs in at 7 MB, and which should be easily installed on Windows and Mac machines.

The technology is available with support for web browsers like Internet Explorer, Firefox, Google Chrome and Safari.

The new version of Silverlight 5 comes with features such as Hardware Decode of H.264 media, along with improved graphics stack with 3D support, and more.

More at :-
http://news.softpedia.com/news/Microsoft-Silverlig...

--
mogs CClip 46
Expert Contributor 10th Dec, 2011 18:50
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Download Picasa 3.9 with Google+ Sharing and 24 New Effects - 25 new effects, WebP support, side by side editing
It’s been more than seven months since Picasa received an update. But now it comes with a slew of new features. As “sharing” through social networks is the dominating activity on the web, this is also what Picasa adapted to.

As such, it added the possibility to share your photos to your circles as well as upload name tags on Google+. If someone in your circles has not yet signed up for Google’s social network, they’ll receive an email to view your album in Google+.

However, photo editing has not been left aside, and Picasa introduces an army of 25 new effects, which are listed on this page.

A very important feature is side-by-side editing, which allows you to compare pictures or different edited versions of the same image. WebP support has been added and now you can migrate your database to a different drive (it’s an experimental feature, though).

http://news.softpedia.com/news/Download-Picasa-3-9...

--
mogs CClip 47
Expert Contributor 10th Dec, 2011 18:59
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Foxit Reader 5 Gets Security Update

Version 5.1.3 patches a highly critical vulnerability.

December 09, 2011
Version 5.1.3 of Foxit Software's PDF Reader was recently released.

"According to the company, previous versions of Foxit Reader contained a vulnerability, rated as 'highly critical' by security specialist Secunia, is said to be caused by the 'cross-border assignment of an array' which results in memory corruption," The H Security reports.

"The issue was reported to the company early last month and versions up to and including Foxit Reader 5.1.0.1021 are affected; users are advised to upgrade to 5.1.3 to fix the issue," the article states.

Go to "Foxit Reader 5 update close security hole" to read the details.

http://www.esecurityplanet.com/patches/foxit-reade...

--
mogs CClip 48
Expert Contributor 10th Dec, 2011 19:05
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft plans 20 patches next week
The final Patch Tuesday of the year will deliver 14 security updates and is likely to fix the Duqu and BEAST bugs

By Gregg Keizer | Computerworld

Microsoft announced Thursday it will issue 14 security bulletins next week to patch 20 vulnerabilities in Windows, Internet Explorer (IE), Office, and Windows Media Player.

Among the patches will likely be ones to plug the hole used by the Duqu intelligence-gathering Trojan, and to fix the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 bug popularized three months ago by the BEAST, for "Browser Exploit Against SSL/TLS," hacking tool, security experts said.

"They're all over the map," said Andrew Storms, director of security operations at nCircle Security, describing the wide range of Microsoft products slated for patching. "It looks like a big cleanup, where they're trying to get as much as they can off their plate before the end of the year."

Three of the 14 updates were tagged with Microsoft's "critical" label, the highest threat ranking in its four-step system, while the remaining 11 were marked "important," the second-highest rating.

Bugs in 10 of the updates could be exploited by attackers to remotely plant attack code on unpatched PCs, Microsoft said in its monthly advance notification that precedes each Patch Tuesday. A number of those bulletins were pegged as important, a move Microsoft makes when the bugs cannot easily be exploited because the pertinent components are not switched on by default or because defensive technologies like ASLR and DEP help protect users.

Storms pointed to the IE update as the one that users should apply as soon as possible, advice he -- and other researchers outside Microsoft -- regularly give when Microsoft patches its browser.

Read more at :-
http://www.infoworld.com/d/security/microsoft-plan...

--
mogs CClip 49
Expert Contributor 10th Dec, 2011 19:11
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Two zero-day vulnerabilities found in Flash Player
Researchers release exploit for two zero-day remote code execution vulnerabilities in Flash Player

By Lucian Constantin | IDG News Service


Two newly discovered vulnerabilities in Adobe's Flash Player can be exploited to execute arbitrary code remotely, according to advisories from the U.S. Computer Emergency Readiness Team (US-CERT) and various security research companies.

The security flaws were discovered by Russian vulnerability research firm Intevydis, which integrated exploits for them in its Vulndisco module for Immunity Canvas, a popular penetration-testing application.

Intevydis has no plans to notify Adobe about these vulnerabilities, company founder and CEO Evgeny Legerov said. Two years ago, Legerov announced that his company will no longer notify vendors about the vulnerabilities it discovers.

Intevydis is not the only security company that adopted the "no more free bugs" approach. French vulnerability research firm Vupen is also an adept of this philosophy and only shares information about the security issues it discovers with its paying customers.

The exploits developed by Intevydis for the two zero-day Flash Player vulnerabilities can bypass Windows anti-exploitation features including DEP and ASLR, and can escape the Internet Explorer sandbox, Legerov wrote on the Immunity mailing list on Tuesday.

Read more at :-
http://www.infoworld.com/d/security/two-zero-day-v...

--
mogs CClip 50
Expert Contributor 10th Dec, 2011 19:15
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft has a kill-switch in Windows 8 app store

To mitigate Windows 8 security woes
By Lawrence Latif

SOFTWARE REDEVELOPER Microsoft has revealed that it will be able to kill apps bought from the Windows 8 app store.
Microsoft's Windows 8 app store will showcase applications that make use of its Windows 8 Metro user interface. As Microsoft readies the production Windows 8 app store, it has updated its Windows Store terms of use to state that applications could be shut down remotely.
Microsoft said, "We may change or discontinue certain apps or content offered in the Windows Store at any time, for any reason. Sometimes, we do so to respond to legal or contractual requirements." The Redmond firm also cited possible security risks as a reason why it might pull the plug on a purchased app.
Microsoft isn't the first company to install a kill-switch on apps bought through an app store. Both Apple and Google have similar mechanisms to kill apps when they have been identified as being malware or pose serious security threats.

Read more at :-
http://www.theinquirer.net/inquirer/news/2131525/m...

--
mogs CClip 51
Expert Contributor 10th Dec, 2011 19:22
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Chrome is the most secured browser - new study

Firefox finishes last in 3 browser security race
By Dan Goodin in San Francisco

Posted in Malware, 9th December 2011 13:45 GMT
Google Chrome offers more protection against online attacks than any other mainstream browser, according to an evaluation that compares exploit mitigations, malicious link detection, and other safety features offered in Chrome, Internet Explorer, and Firefox.

The 102-page report, prepared by researchers from security firm Accuvant, started with the premise that buffer overflow bugs and other security vulnerabilities were inevitable in any complex piece of software. Rather than relying on metrics such as the number of flaws fixed or the amount of time it took to release updates, the authors examined the practical effect protections included by default in each browser had on a wide class of exploits.

Their conclusion: Chrome is the most secured browser, followed closely by Microsoft IE. Mozilla's open-source Firefox came in third, largely because of its omission of a security sandbox that shields vital parts of the Windows operating system from functions that parse JavaScript, images and other web content.

"We found that Google Chrome did the most sandboxing," Chris Valasek, who is a senior research scientist for Accuvant, told The Register. "It restricted the movements more than any other browser. Internet Explorer came up a close second because it implemented a sandbox where you could do certain things but you were allowed to do more things than you could in Chrome. Lastly, Firefox came in last because it didn't implement a sandbox yet."

Read more at :-
http://www.theregister.co.uk/2011/12/09/chrome_ie_...

--
mogs CClip 52
Expert Contributor 10th Dec, 2011 19:27
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 10th Dec, 2011 21:46
Attackers take aim at Adobe flaw as wait for patch continues
by Shaun Nichols

10 Dec 2011


Malware writers are continuing to actively exploit a high-profile zero-day flaw in the Adobe Acrobat and Reader platforms.
A report from security firm Sophos has detailed a new spam attack which is being used to spread the remote code execution vulnerability in the wild.

The attack presents itself as an unsolicited financial report. Sophos reported a message claiming to be from Barclay's Capital.
When the user launches the supposed financial report, the attached PDF file launches the Reader and Acrobat attack. Specially-crafted code within the file targets the vulnerability then attempts to download malware-serving trojans.
"We have started seeing a small number of targeted samples in Sophos Labs of attackers trying to use this vulnerability in email attachments," Sophos senior security advisor Chester Wisniewski said in a company blog post.
"The emails are well crafted and look very believable."
The report comes as users anxiously await a fix for the vulnerability from Adobe. The company has been working to address the flaw with an out-of-band security fix scheduled to arrive some time in the coming week.

Read more at :-
http://www.v3.co.uk/v3-uk/news/2131601/attackers-a...

--
mogs CClip 53
Expert Contributor 11th Dec, 2011 14:00
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Security roundup: Lockheed Martin sounds alarm on Adobe Reader zero-day; Microsoft patchfest coming
By Ellen Messmer
When Adobe last week issued an advisory about a dangerous zero-day attack based on an unpatched Adobe Reader vulnerability that was being exploited in the wild to try and seize control of both PCs and Macs, it credited Lockheed Martin for sounding the alarm about it.
It's not the first time Lockheed Martin has been known to have come under cyberattack, as happened in May in connection with the RSA SecurID-related advanced persistent threat as we've learned this year. But this week, Lockheed Martin -- perhaps not unlike a modern-day version of Paul Revere -- has done a huge public good in coming forward with reliable information. Once again, U.S. defense contractors are being targeted.

"This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe states in its Dec. 6 advisory.

However, Adobe said it might be into the week of Dec. 12 in which it can issue all the necessary version patches for Adobe Reader 9.x and Acrobat 9.x for Windows for this zero-day. Addressing the issue in Adobe Reader X and Adobe Reader X for Windows, Adobe states, "Adobe Reader X Protected Mode and Adobe Acrobat X Protected Mode would prevent an exploit of this kind from executing," and thus Adobe is currently planning to address the issue in the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for Jan. 10, 2012. The Mac versions, as well as Acrobat Reader 9.x for Unix, would also be part of the Jan. 10, 2012, scheduled update, according to the Adobe advisory.

"This is the changing face of what we're seeing. Adobe is not a security company. They're not built to release the patches right away," says Bradley Anstis, vice president of technical strategy at M86 Security. "But this is clearly a targeted attack as a zero-day."

Symantec, in its analysis of the threat, which it links to so-called Sykipot malware, says "the attacks have been long-running, persistent, and targeted, which leads us to believe that whoever is behind the attacks is after data that includes design, financial, manufacturing or strategic planning information. The use of multiple zero-day vulnerabilities over time and the long list of command and control servers also leads us to the conclusion that an organized, skilled group of attackers, not just a single individual, is behind the attacks."

Read more at :-
http://www.pcadvisor.co.uk/news/security/3324242/s...

--
mogs CClip 54
Expert Contributor 12th Dec, 2011 10:50
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Major US Law Enforcement Website Shut Down After Data Breach

The official website of the Coalition of Law Enforcement and Retail (clearusa.org) has been shut down after hackers supporting the AntiSec movement managed to obtain access to thousands of account details, leaking them all online.

A hacker called Exphin1ty is responsible for this latest operation against a government institution. He states that this is a form of retaliation against the “American law enforcement's inhumane treatments of occupiers.”

“Due to this and several other reasons we are releasing the entire member database of clearusa.org (The Coalition of Law Enforcement and Retail). An organization who works to ‘encourage mutual cooperation between all law enforcement agencies and retail corporations,’” reads a statement posted in a Pastebin document.

ID numbers, the dates when accounts were created, names, titles, agency names, addresses, cities, states, zip codes, email addresses, phone numbers and hashed passwords were posted online by the hacker.

Exphin1ty claims that military and law enforcement personnel, federal agents, security companies and even large corporations such as Microsoft may be affected by the breach.

“Many of the users reuse their passwords elsewhere, so we encourage all of our lulz loving friends to deface & leak their twitters, facebooks and private email accounts as well as spreading their d0xes far and wide across the internet ocean,” he adds.

More at :-
http://news.softpedia.com/news/Major-US-Law-Enforc...

--
mogs CClip 55
Expert Contributor 12th Dec, 2011 15:26
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Security pros slam Cnet Download.com's bundling
Prominent members of the security community criticize Cnet's Download.com for pairing bloatware with popular free security tools

By Robert Lemos | InfoWorld

Programmers have a strong sense of ownership for the software they create. No wonder then that CBS Interactive subsidiary Cnet ran into problems when security researchers found that unwanted toolbars and thinly veiled marketing utilities were being pushed on people who downloaded popular open-source tools and other software.

Last week, well-known security researcher Gordon "Fyodor" Lyon, creator of the popular NMap port-scanning tool, took Cnet to task for wrapping the installation of the tool in an installer that would also place a sponsored utility on the user's systems. During the week, security professionals found that other open-source security tools received similar treatment, including the wireless scanning tool Wireshark and the penetration testing tool Metasploit.

"Many people assumed that a major site like this wouldn't resort to unethical monetization schemes like adding spyware and other malware to their downloads," Lyon wrote in a blog post. "Unfortunately, those people were wrong."

For security professionals, Cnet's bundling of software is particularly egregious because privacy is highly valued and the addition of third-party software can undermine the security of the system. Moreover, Cnet did not give adequate notice, argues HD Moore, chief security officer for Rapid7 and the creator of the Metasploit Framework, an open-source security tool.

Read more at :-
http://www.infoworld.com/t/anti-spyware/security-p...

--
mogs CClip 56
Expert Contributor 12th Dec, 2011 16:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Web scam-busting trio thwarted by mystery DDoS rocket

Backhanded compliment for fraud alert sites
By John Leyden

Posted in ID, 12th December 2011 12:03 GMT
A bunch of anti-scam sites were knocked offline last week by fierce and apparently well-organised distributed denial of service attacks.

The sites - 419eater.com, scamwarners.com and aa419.org (Artists Against 419) - were swamped with junk traffic for several days. During the attack the sites' administrators turned to blogs, Facebook and other alternative channels to distribute news of newly detected fake payment sites and other urgent anti-fraud information.

"These websites and their users provide excellent exposure for online fraud activities and have been responsible for allowing thousands of prospective victims to detect a scam in play, and get out before losses are incurred," an anonymous reader who was among those who told us about the attacks explained. "They also work actively to kill fake bank sites, fake freight forwarding sites and other criminal resources."

Both 419eater.com and scamwarners.com were back operating normally by Monday morning while aa419.org remains sluggish under the load.

Read more at :-
http://www.theregister.co.uk/2011/12/12/anti_scam_...

--
mogs CClip 57
Expert Contributor 12th Dec, 2011 16:51
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Clickjacking attacks possible despite framebusting protection
Security researcher demonstrates that clickjacking protection implemented in browsers does not stop all such attacks
By Lucian Constantin | 12 December 11

The so-called framebusting mechanism implemented in browsers to help websites prevent clickjacking attacks doesn't live up to expectations, according to Google security engineer and Web security researcher Michal Zalewski, who released proof-of-concept code to demonstrate it.

"JavaScript allows you to exploit human cognitive abilities to a remarkable extent; tools such as window positioning, history.forward() and history.back() open some scary possibilities that we are completely unprepared to deal with," Zalewski said on his website.

"I wanted to showcase another crude proof-of-concept illustrating why our response to clickjacking -- and the treatment of it as a very narrow challenge specific to mouse clicks and <iframe> tags -- is somewhat short-sighted," he added.

Clickjacking, also known as user interface (UI) redressing, is a type of attack whose purpose is to trick users into performing unauthorized actions by misrepresenting the content displayed in their browsers.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3324495/c...

--
mogs CClip 58
Expert Contributor 12th Dec, 2011 17:47
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft releases old recovery software in new wrapper
The free Windows Defender Offline tool looks to be Standalone System Sweeper with a new name and support for Windows 8

By Woody Leonhard | InfoWorld

Last week Microsoft released (or perhaps I should say re-released) a beta version of Windows Defender Offline, a seriously useful tool for recovering dead Windows XP (SP3), Vista (RTM, SP1, SP2), Windows 7 (RTM, SP1), or Windows 8 (Developer Preview) systems. Yes, it even works on Windows 8.

Curiously, except for the Windows 8 support, it's almost identical to the old Microsoft Standalone System Sweeper.

Windows Defender Offline is designed to be used when you can't boot an infected PC. You create a Windows Defender Offline USB drive, CD or DVD, or ISO file, then boot from the Windows Defender Offline device. Windows Defender Offline performs a scan based on its stored signature files. Since you're not booting to the copy of Windows installed on your PC, Windows Defender Offline stands a fighting chance at identifying rootkits and other malware that fly underneath the operating system radar.

More at :-
http://www.infoworld.com/t/security-tools/microsof...

--
mogs CClip 59
Expert Contributor 13th Dec, 2011 20:14
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Chrome Stable Channel Update
Tuesday, December 13, 2011 | 08:00
Labels: Stable updates

The Google Chrome team is happy to announce the arrival of Chrome 16.0.912.63 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 16 contains some really great improvements including enhancements to Sync and the ability to create multiple profiles on a single instance of Chrome. You can read about it more on the Google Chrome blog.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to David Holloway of the Chromium development community.
[95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno).
[$500] [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG.
[$1000] [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to Mitja Kolsek of ACROS Security.
[100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG.
[101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. Credit to Google Chrome Security Team (scarybeasts) and Chu.
[101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar).
[101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki of the Google Security Team.
[$1000] [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to Arthur Gerkis.
[$1000] [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis.
[$1000] [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Sławomir Błażek.
[$1000] [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG.
[$500] [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references. Credit to Atte Kettunen of OUSPG.
[105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella).
[107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google Chrome Security Team (Inferno) and miaubiz.


The bugs [95465], [100863], [101494], [102359], [103921] and [105162] were detected using AddressSanitizer.

In addition, we would like to thank miaubiz, Eric Bidelman, and Sławomir Błażek for working with us in the development cycle and preventing bugs from ever reaching the stable channel. Various rewards were issued.

Thanks for using Chrome! If you find a new issue, please let us know by filing a bug.

Have a happy holiday season!

Anthony Laforge
Google Chrome

--
mogs CClip 60
Expert Contributor 13th Dec, 2011 20:23
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Microsoft quietly launches $99/hr. paid support service
Answer Desk debuts with so little fanfare that Microsoft even deletes blog post announcement

By Gregg Keizer
December 13, 2011 10:28 AM ET
Computerworld - Microsoft has quietly launched a support website where experts charge $99 for one- or two-hour sessions designed to rid PCs of malware, speed up a machine or solve problems with Windows or Office.

Answer Desk debuted with no fanfare from Microsoft, which has not deigned to mention the new service in a press release or promote it on the front page of its domain, or even, surprisingly, on its consumer-slanted Windows website.

One of the few places the service does appear is on the Microsoft Store site, where Microsoft sells its own software, the Xbox game system and select OEM's Windows desktops, notebooks, tablets and smartphones.

The new support option is so low-key that Microsoft apparently scrubbed a Dec. 9 blog announcing Answer Desk. The blog, penned by Blake Morrison -- listed on LinkedIn as a Microsoft senior support escalation engineer -- no longer exists on Microsoft's TechNet blog network, although a cached edition was still available Tuesday morning.

According to Fusible.com, Answer Desk launched last Wednesday. Previously, the same site had reported that Microsoft had acquired the domain last September from a firm called NameRally, a Los Angeles, Calif. "domain parking" company.

The name of the site is clearly a reference to the Answer Desks at Microsoft's 14 brick-and-mortar stores that the company has modeled after rival Apple's "Genius Bar" in-store tech support.

Rates range from $49 for an hour of personalized training to $99 for one- or two-hour tech sessions that focus on cleaning a PC of malware, tuning up a system for maximum performance, or answering questions about Office, connecting to the Internet, and managing files and photos.


Microsoft launched Answer Desk, a new paid support service, in stealth mode last week.
The first chat with an Answer Tech is free, according to the site's FAQ, but additional sessions must be billed to a credit card.

Read more at :-
http://www.computerworld.com/s/article/9222626/Mic...

--
mogs CClip 61
Expert Contributor 13th Dec, 2011 20:33
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

Winamp update addresses three remote code execution vulnerabilities
Winamp 5.623 fixes vulnerabilities that can be exploited via maliciously-crafted AVI files
By Lucian Constantin | 13 December 11

Nullsoft has released Winamp 5.623, a new version of its popular media player application, in order to address three vulnerabilities that could allow remote attackers to execute arbitrary code on people's computers.

The security flaws were discovered by Dmitriy Pletnev from vulnerability management firm Secunia and an independent researcher named Hossein Lotfi, who reported his finding through the company's vulnerability coordination reward program (SVCRP).

All three vulnerabilities were confirmed in Winamp 5.622, but older versions could also be affected. They are located in the application's in_avi.dll and in_mod.dll libraries and can trigger heap-based buffer overflows.

An attacker could exploit these vulnerabilities by tricking victims into opening specially crafted AVI or Impulse Tracker (IT) files. The remote attack vectors include malicious files stored on network shares and WebDAV resources, but also rogue playlists hosted on the Web.

"The vulnerabilities can be remotely exploited by e.g. on a website hosting a .m3u playlist, which is automatically opened and played by Winamp when viewed," said Carsten Eiram, Secunia's chief security specialist.

Winamp 5.623 also fixes other non-security-related bugs in MP3, MP4, AAC and FLAC encoding and decoding components. In addition, it contains miscellaneous tweaks, improvements and optimizations.

http://www.pcadvisor.co.uk/news/security/3324888/w...

--
mogs CClip 62
Expert Contributor 13th Dec, 2011 20:39
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
ICO tells firms they 'must try harder' to meet cookie obligations
by Dan Worth

The Information Commissioner's Office (ICO) has told companies that they "must try harder" to meet their obligations under the new cookie law, as the watchdog reaches the half-way stage in the one-year grace period before enforcing the law.
The amendment to the ePrivacy Directive came into force on 26 May and requires firms using cookies that gather data on visitors' behaviour and remember their preferences to achieve "prior consent" before installing and running the technology.

The ICO said that it will wait for 12 months while solutions are proposed and created for businesses to use before taking any action, but warned on Tuesday that they must double their efforts.

More at :-
http://www.v3.co.uk/v3-uk/news/2132088/ico-tells-f...

--
mogs CClip 63
Expert Contributor 14th Dec, 2011 10:32
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Microsoft scratches BEAST patch at last minute, but fixes Duqu bug
Admits Duqu-like browser-based attacks possible

By Gregg Keizer

Computerworld - Microsoft today issued 13 security updates, one less than expected, that patched 19 vulnerabilities in Windows, Internet Explorer (IE), Office, and Windows Media Player.

The company punted on one bulletin it had planned to deliver today after SAP told it that the patch broke some of its software.

"The bulletin scheduled to address Security Advisory 2588513 was postponed due to a third-party application compatibility issue that will be addressed by the vendor, with whom we're working directly," Jerry Bryant, group manager in Microsoft's Trustworthy Computing team, said in a statement.

The scrubbed security update was to fix the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 bug demonstrated in September 2011 by researchers who crafted a hacking tool dubbed BEAST, for "Browser Exploit Against SSL/TLS."

Read more at :-
http://www.computerworld.com/s/article/9222639/Mic...

--
mogs CClip 64
Expert Contributor 14th Dec, 2011 17:08
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK

DECEMBER 14, 2011
Google fixes 15 vulnerabilities in Chrome browser
The company releases Chrome 16 and pays researchers $6,000 for high and medium-risk security flaws found and fixed in the new Web browser

By Lucian Constantin

Google has released Chrome 16, a new stable version of its Web browser that addresses 15 high- and medium-risk vulnerabilities.

Four of the security flaws patched in this release stem from errors in Chrome's built-in PDF parser, which is based on Foxit's PDF SDK (software development kit).

Two of them have a medium severity rating and allow attackers to access parts of the system memory that weren't allocated to the program. This can result in the exposure of sensitive information.

The other two allow attackers to execute arbitrary code by tricking victims into opening maliciously crafted PDF files and have a high severity rating.

Other high-risk arbitrary code execution vulnerabilities were identified and fixed in the SVG, range, bidi and internationalized JavaScript handling components. One bug in the view-source feature allows for the address displayed in the URL bar to be spoofed.

In total, there were six high-risk, seven medium-risk and two low-risk vulnerabilities patched in Chrome 16. Seven of them were discovered by Chromium developers and members of the Chrome and Google Security Teams, while the rest were found by external researchers who earned $6,000 through the Chromium Security Reward program for their reports.

Six vulnerabilities were discovered with the help of an open-source tool called AddressSanitizer, Google Chrome engineer Anthony Laforge said in a blog post.

However, while the arbitrary code execution and unauthorized memory access flaws pose a serious risk in theory, their actual impact is severely reduced by Google Chrome's sandbox.

Sandboxing is an anti-exploitation technology that isolates potentially vulnerable components, like those used for content parsing, from the operating system. These components gain access to system resources through a special brokering process that's easier to keep free of bugs.

As a result, if an attacker exploits, for example, a Chrome PDF handling vulnerability, their actions are restricted to the sandboxed environment and they can't execute arbitrary code on the actual system.

A recent Google-funded study conducted by security consultancy firm Accuvant, determined that Chrome is the most secure browser when compared to Internet Explorer and Firefox. Accuvant's researchers analyzed the anti-exploitation technologies implemented in the three browsers, including process sandboxing, plug-in security, JIT hardening techniques, ASLR, DEP and stack cookies (GS).

http://www.infoworld.com/d/applications/google-fix...

--
mogs CClip 65
Expert Contributor 14th Dec, 2011 17:13
CERTIFICATION AUTHORITY Globalsign has admitted that it was the target of a recent attack, but added that its systems and certificates were not compromised.
The threat of exposure followed the efforts of the Comodohacker, who in early September hacked certificate authority Diginotar and issued bogus certificates as a result. At the time it was suggested that Globalsign had also been affected, but if it was, apparently it was not severely affected.
In a security incident report just released by the firm, it said that despite earlier suggestions it had found no evidence of any rogue certificates having been issued, that no customer data was exposed, and that no harm was done to its infrastructure or systems.
It did confirm that a peripheral web server, which is not part of its certificate issuance infrastructure and hosted a public facing web property, had been breached, however. This means that some data could have been exposed, including publicly available HTML pages, publicly available PDFs, and the SSL certificate and keys issued to www.globalsign.com. According to its statement these were deemed compromised and revoked.

More at :-
http://www.theinquirer.net/inquirer/news/2132668/g...

--
mogs CClip 66
Expert Contributor 14th Dec, 2011 17:18
Typosquatters target Christmas shoppers: Websense
Cybercriminals are targeting fumble-fingered online shoppers
By Sophie Curtis | Techworld | 14 December 11

As online shoppers rush to buy presents in the run up to Christmas, security researchers have put out a warning to beware of "typosquatters," who prey on cack-handed typists that misspell domain and website names.
In particular, customers of major high-street brands such as Argos, Debenhams, and John Lewis are falling victim to cybercriminals that target mistyped web addresses. With British consumers expected to spend £3.72bn online this Christmas, this typosquatting is becoming an extremely lucrative business.

Websense claims to have discovered nearly 2,000 typosquatted domains, including: "debenahams", "johlewis" and "argoss." Typing these domains often leads to a page imitating the retailer in question, and encourages users to enter their credit card information. Alternatively, the site might inject malware or infect the user's system with spyware.

It also claimed that cybercriminals are registering variants of legitimate sites with false suffixes such as '.org' or '.net'. In October, Websense noticed that cyber criminals were registering huge numbers of fake website domains in preparation for the Christmas shopping spree.

More at :
http://www.pcadvisor.co.uk/news/security/3325130/t...

--
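One way a defender could screen observed hostnames for the two patterns described in CClip 66 (misspelled retailer names and false suffixes), as an added example that is not part of the original post or the quoted article. The misspelled labels are the ones the article quotes; the legitimate domains, the suffix list, the edit thresholds and the other hostnames are assumptions constructed for illustration.

```python
"""Flag look-alike retail domains: near-miss typos and wrong-suffix variants."""

# Assumed legitimate registrable domains for the three retailers named in the
# article (an assumption for this example; maintain your own verified list).
LEGITIMATE = {"argos.co.uk", "debenhams.com", "johnlewis.com"}

# Minimal set of two-part public suffixes (assumption; production code should
# consult the full Public Suffix List instead).
MULTI_PART_SUFFIXES = {"co.uk", "org.uk"}


def split_domain(hostname):
    """Return (registrable_label, suffix) for a hostname, ignoring subdomains."""
    parts = hostname.lower().rstrip(".").split(".")
    if len(parts) >= 3 and ".".join(parts[-2:]) in MULTI_PART_SUFFIXES:
        return parts[-3], ".".join(parts[-2:])
    if len(parts) >= 2:
        return parts[-2], parts[-1]
    return parts[0], ""


# Brand label -> the legitimate domain it belongs to, e.g. "argos" -> "argos.co.uk".
BRANDS = {split_domain(d)[0]: d for d in LEGITIMATE}


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, and
    transposition of adjacent characters each cost one edit."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def max_edits(brand):
    """Short names get a tighter threshold to limit false positives (assumed values)."""
    return 1 if len(brand) < 8 else 2


def classify(hostname):
    """Return (verdict, matched_legitimate_domain_or_None) for one hostname."""
    label, suffix = split_domain(hostname)
    registrable = f"{label}.{suffix}" if suffix else label
    if registrable in LEGITIMATE:
        return ("legitimate", registrable)
    best = None
    for brand, real in BRANDS.items():
        if label == brand:
            # Right name, wrong suffix: the '.org' / '.net' pattern in the article.
            return ("suffix-variant", real)
        dist = osa_distance(label, brand)
        if dist <= max_edits(brand) and (best is None or dist < best[0]):
            best = (dist, real)
    return ("typo", best[1]) if best else ("unrelated", None)


# Constructed sample of observed hostnames (e.g. from proxy or DNS logs).
# The first three labels are the misspellings quoted in the article; the
# suffixes attached to them and all remaining entries are made up.
OBSERVED = [
    "debenahams.com",
    "www.johlewis.co.uk",
    "argoss.com",
    "argos.net",
    "agros.com",
    "shop.argos.co.uk",
    "example.org",
]

if __name__ == "__main__":
    for host in OBSERVED:
        verdict, brand = classify(host)
        print(f"{host:22} {verdict:15} {brand or '-'}")
```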
mogs CClip 67
Expert Contributor 14th Dec, 2011 18:38
Credit card details not at risk
Final Fantasy developer and publisher Square Enix has announced that its member services have been hacked - though the company claims that credit card details have not been compromised.
The hack occurred on 12th of December, with details including usernames potentially stolen by the hackers. However, Square has stated that because the member services servers handled free accounts only, no credit card details had been compromised.
"While some personal information may have been accessed, we can confirm that there is no possibility of any credit card information leak from this incident, since the server in question stores no credit card information."
MCVUK has it that Square announced it had taken down the hacked server - American and Japanese versions of the member websites - for a few days in order to revamp security on the platform and investigate the incident.
"We are assessing the full extent of this potential breach to determine what data, if any, was compromised and will provide more details as soon as possible," the statement read.

This just adds to the number of game companies that have been hacked over the past year, though at least Square has announced it early, unlike companies like Sony that took over a week to let users know their information had been compromised.


Read more: http://www.itproportal.com/2011/12/14/square-enix-...

--
mogs CClip 68
Expert Contributor 15th Dec, 2011 22:20
Adobe promises Reader zero-day patch on Friday
Clues in code point to Chinese hackers behind attacks against defense contractors

By Gregg Keizer

Computerworld - Adobe today said it will release a patch Friday for an older version of the Reader PDF viewer to stymie attacks like those aimed at major defense contractors earlier this month.

Nine days ago, the company confirmed a critical bug in Reader and promised to fix the flaw in Reader and Acrobat 9.x this week.

The exploits uncovered by security researchers were aimed specifically at Reader 9.x using malformed PDF documents attached to bogus emails.

A day after Adobe acknowledged the vulnerability, researchers at Symantec confirmed that attacks had targeted defense contractors, as well as individuals working in the telecommunications, manufacturing, computer hardware and chemical sectors. The attacks spiked Dec. 1, Symantec said.

The attackers may have been hoping to steal confidential information from the targeted firms.

If opened by the recipient, the malicious PDF hijacked the Windows PC, then infected those machines with "Sykipot," a general-purpose backdoor Trojan that was first spotted being used in March 2010 as the payload in attacks exploiting a then-unpatched bug in Microsoft's IE6 and IE7.

More at :-
http://www.computerworld.com/s/article/9222712/Ado...

--
mogs CClip 69
Expert Contributor 15th Dec, 2011 22:25
Microsoft gets silent upgrade religion, will push IE auto-updates
Copies Chrome and follows Firefox to get users onto the newest browser without asking permission

By Gregg Keizer

Computerworld - Microsoft today said it will silently upgrade Internet Explorer (IE) starting next month, arguing that taking the responsibility out of the hands of users will keep the Web safer.

The move is an acknowledgement by Microsoft that Google's model -- its Chrome browser has updated in the background without user involvement since it debuted more than three years ago -- is the right one.

"It's the future ... for all software," said Andrew Storms, director of security operations at nCircle Security. "At this point, at least in the consumer space, people are expecting software to be up to date, and for it to do it itself."

Microsoft must agree. Beginning in January it will roll out automatic upgrades of IE to the newest version suitable for a user's version of Windows. Windows XP users still on IE6 or IE7, for example, will be updated to IE8; Windows Vista or Windows 7 users running IE7 or IE8 will be pushed to IE9.
Previously, Microsoft has asked for user permission before upgrading IE from one version to the next, even if Windows' automatic updates are enabled.

More at :-
http://www.computerworld.com/s/article/9222690/Mic...

--
mogs CClip 70
Expert Contributor 16th Dec, 2011 23:19

Adobe patches two vulnerabilities in Reader and Acrobat
Adobe releases out-of-band patch for Adobe Reader and Acrobat 9.x in order to address actively exploited vulnerabilities

By Lucian Constantin | IDG News Service


Adobe Systems has released Adobe Reader and Acrobat 9.4.7 in order to patch two vulnerabilities that are being actively exploited in attacks against companies from the defense industry.

One of the security flaws, identified as CVE-2011-2462, was announced on Dec. 6 after Lockheed Martin's Computer Incident Response Team and members of the Defense Security Information Exchange reported it to Adobe.

Symantec confirmed a few days later that the vulnerability had been exploited since the beginning of November in email-based attacks that targeted companies from the telecommunications, manufacturing, computer hardware, chemical and defense industries.

Since the original advisory was published last week, Adobe has learned of a second vulnerability that was also being exploited in the wild. The company assigned an identifier of CVE-2011-4369 to the new flaw, but it's not clear if it's related to the same attacks as the first one.

"The Adobe Reader and Acrobat team was able to provide a fix for this new issue as part of today's update. Note also that at this time, we are only aware of one instance of CVE-2011-4369 being used," said Wiebke Lips, Adobe's senior manager of corporate communications.

Even though the vulnerabilities also affect the Adobe Reader and Acrobat X (10.x) branch, Adobe decided to postpone updates for these versions until the next scheduled update cycle on Jan. 10.

"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of the type currently targeting these vulnerabilities (CVE-2011-2462 and CVE-2011-4369) from executing, we are planning to address these issues in Adobe Reader and Acrobat X for Windows with the next quarterly security update," the company said in a security bulletin published today.

Read more at :-
http://www.infoworld.com/d/security/adobe-patches-...

--
mogs CClip 71
Expert Contributor 17th Dec, 2011 21:29
It's nothing official, but Mozilla is definitely ready to move to Firefox 9 as they uploaded a candidate for the stable release of this version. You can download it straight from their FTP server.

Officially still in beta channel, Firefox 9 is scheduled to become stable on December 20, when the code migration for all editions is executed.

Among the new features of this version is Type Inference for the JavaScript engine, which should basically bring a huge speed improvement. The speed bump recorded in benchmarks shows a 30% faster Firefox in Kraken and V8.

Another important feature is Do Not Track (DNT), which puts the users in control of the way information is collected by the websites they visit. The feature basically informs a page that you do not want your surfing behavior to be recorded by third-party content.

A more detailed list of new features is here. The current Firefox 9 build is still not a final product and may not be ready for official release.

http://news.softpedia.com/news/Firefox-9-Stable-Ca...

--
mogs CClip 72
Expert Contributor 17th Dec, 2011 21:32
Firefox 11 Aurora to Include Chrome Migration

With the web browser market share tilting more and more towards Google Chrome, the Firefox development team schemed up a way to at least allow the Chromers to switch to Mozilla’s product as easily as possible, if so they wish.

As such, they are already working on making it possible to migrate settings and data from Chrome, as it is available in the case of Internet Explorer, Opera and Safari. The development is half way to completion and should be ready in Firefox 11 Aurora when it launches officially, around December 20.

Up to this point, the progress covers migration of cookies, history and bookmarks, with passwords, form data and settings being all that is left to wrap the feature up; but other elements are also taken into consideration, such as search services, keywords, page zoom levels, geolocation permissions, storage permissions or proxies.

There will be no redesign of the current Import Wizard.


http://news.softpedia.com/news/Firefox-11-Aurora-t...

--
mogs CClip 73
Expert Contributor 18th Dec, 2011 13:07
Last edited on 18th Dec, 2011 13:08
Pidgin 2.10.1 Patches Security Vulnerabilities

The new version addresses four denial of service flaws.
Version 2.10.1 of the Pidgin open source IM client was recently released, patching several security flaws.

"The maintenance and security update addresses a total of four denial-of-service (DoS) vulnerabilities that could be exploited by an attacker to cause the application to be terminated," The H Security reports.

"According to the developers, three of these issues were caused by incoming strings not being validated as UTF-8, while the fourth was due to a bug in the XMPP protocol plug-in that made it fail if certain required fields were missing in an incoming message," the article states.

Go to "Pidgin IM client 2.10.1 fixes crashing vulnerabilities" to read the details.

http://www.esecurityplanet.com/patches/pidgin-2.10...

--
mogs CClip 74
Expert Contributor 18th Dec, 2011 13:12

How to Keep Your Credit Card Safe While Christmas Shopping Online

Since many Internet users prefer to avoid all the commotion from the stores and shop for Christmas presents online, it’s very useful to know how to protect a credit card and other sensitive information while doing so.


Android devices, iPads and even good old-fashioned PCs may be utilized these days to do some shopping before the holidays. To make sure no unfortunate incident occurs, with the help of the guys from Webroot, we’ll take a look at some tips to keep your assets safe.

Read more at :-
http://news.softpedia.com/news/How-to-Keep-Your-Cr...

--
mogs CClip 75
Expert Contributor 18th Dec, 2011 13:17
New ransom Trojan cons victims with 'trial' version
Decrypts three files to prove its skillz
By John E Dunn | Techworld

Researchers at security company BitDefender have discovered a new ransom Trojan that scrambles its victims' data before cheekily offering them a 'trial' version of the software to prove its ability to successfully unlock files.

For the most part, Trojan.Crypt.VB.U and its variants behave much like any other ransom scam. Once loaded on a Windows system it scrambles any data files it finds before offering to unlock them for a fee, this time by sending them to a web page demanding a rather steep $69 (£44).

The malware's real innovation is its attempt to overcome reluctant victims' willingness to pay the fee by offering to decrypt three files in advance of them buying a full license.

BitDefender reports that the type of encryption used turns out to be a simple type of XOR algorithm, which means that decryption would not require huge brute force to break in this instance.

Ransom Trojans have been around for years, ranging from those using watertight encryption such as Gpcode to others manipulating social engineering to make victims believe their files are unrecoverable when they are actually being hidden in trivial ways.

More at :-
http://www.pcadvisor.co.uk/news/security/3325845/n...

--
mogs CClip 76
Expert Contributor 18th Dec, 2011 13:23
Security mandates aim to shore up shattered SSL system

Too little, too late
By Dan Goodin in San Francisco

A consortium of companies has published a set of security practices they want all web authentication authorities to follow for their secure sockets layer certificates to be trusted by browsers and other software.

The baseline requirements (PDF), published this week by the Certification Authority/Browser Forum, are designed to prevent security breaches that compromise the tangled web of trust that forms the underpinning of the SSL certificate system. Its release follows years of mismanagement by individual certificate authorities permitted to issue credentials that are trusted by web browsers. Most notable is this year's breach of DigiNotar, which led to the issuance of a fraudulent certificate used to snoop on 300,000 Gmail users in Iran.

The four dozen or so members of the CAB Forum still have a way to go, since their requirements are meaningless unless they are mandated by the software makers who place their trust in the authorities.

And it's not yet clear that will come to pass. Of the five browser makers queried for this article, only Opera has committed to make compliance with the requirements a condition for including an authority's root certificate in its software. A Mozilla official, meanwhile, said only that the requirements would be discussed among developers in online forums.

A Microsoft statement said the company "will work with the industry Auditors and Certificate authorities to get the new guidelines factored into the Microsoft Root Program." Company representatives didn't respond to an email asking what that means. A Google spokesman said Chrome trusts whatever CAs are trusted by the underlying operating system. Representatives from Apple didn't respond to emails seeking comment.

Read more at :-
http://www.theregister.co.uk/2011/12/17/ssl_certif...

--
mogs CClip 77
Expert Contributor 19th Dec, 2011 09:34
How and Why to Stay Anonymous Online

Most people tend to associate online anonymity with things such as cybercriminal activities or software piracy, but there is much more to it than that. Online anonymity is highly useful even for regular users since in many cases the use of a false identity can help us protect ourselves against malicious operations.


This weekend, at the first regional edition of DefCamp, held in Iasi, Romania, Andrei Avadanei gave a speech called Virtual Anonimity – What? Why? When? How? – in which he highlighted some of the most common techniques that can be utilized to keep our identities private while performing sensitive tasks or maybe even while trying to demonstrate a proof of concept.

First of all, depending on how paranoid you are and depending on how secure your identity must remain, there are different degrees of anonymity.

The first wave, which requires few things that are easy to implement, is mainly represented by the use of a public or a private proxy, the use of prepaid cards and maybe an internet connection that’s acquired from a public Wi-Fi network.

Applications such as Tor, tunneling software and SSL-secured connections are recommended, and when it comes to chat, encryption plug-ins for instant messaging apps can keep a conversation really private.



For those who need something more, a MAC-changer and the use of an operating system such as Linux tighten the protection around an Internet user’s anonymity.

A mistake that many people make while surfing the web is the fact that they rely on components such as Java or Adobe, which contain many holes that can easily be exploited to uncover an identity.

More at :-
http://news.softpedia.com/news/How-and-Why-to-Stay...

--
mogs CClip 78
Expert Contributor 19th Dec, 2011 19:54
FAQ: Microsoft's new IE auto-upgrade scheme explained
Who gets what, how to block the upgrade, and more

By Gregg Keizer
December 19, 2011
Computerworld - Last week Microsoft announced it is changing how Internet Explorer upgrades on Windows users' PCs in 2012. Taking users out of the equation, Microsoft said, will make the Web, and them, safer.

The move is a major departure from past practice, which required users to explicitly approve IE upgrades.

While experts have applauded the change, users aren't so sure: Most of the comments appended to Computerworld's story of last week were negative. Maybe they're not sure if it affects them, or when it will reach their PCs.

Or they just don't like Microsoft monkeying with their machines.

We've assembled some of the most pressing questions -- and answers, naturally -- about IE's auto-upgrade to help readers sort it out for themselves.

Read more at :-
http://www.computerworld.com/s/article/9222811/FAQ...

--
mogs CClip 79
Expert Contributor 19th Dec, 2011 20:06
Last edited on 19th Dec, 2011 20:07
Written by Jon Martindale
19 December, 2011

Faster than touch screen typing

Windows 8 will offer a different way to keep your personal account secure beyond the traditionally typed password: picture passwords that let you login by selecting certain sections of an image.

A similar technology has been used in mobile devices sporting the Apple iOS and Android operating systems, so it seems logical that Microsoft would bring the technology to its next gen operating system that has tablets and other mobile devices in-mind.

"At its core, the picture password feature is designed to highlight the parts of an image that are important to you," said a Microsoft spokesperson in a blog post. "It requires a set of gestures that allow you to accomplish this quickly and confidently."

Explaining the process, Microsoft's Zach Pace says that when creating the picture password, Windows 8 remembers the direction used when drawing. This means that should the user circle a person's face, or a specific feature of the image, it will recall whether they went clockwise or anti-clockwise. Similarly, if they draw a straight line, whether it goes left to right, right to left or any other combination, it will be remembered.



Read more: http://www.itproportal.com/2011/12/19/windows-8-in...

--
mogs CClip 80
Expert Contributor 20th Dec, 2011 11:51
IBM, HP, Microsoft lead patching laggards, says bug buyer
ZDI's six-month disclosure deadline results in 21 'zero-day' advisories for those firms' software

By Gregg Keizer

Computerworld - IBM, Hewlett-Packard (HP) and Microsoft led the list of companies that failed to patch vulnerabilities within six months of being notified by the world's biggest bug bounty program, according to HP TippingPoint's Zero-Day Initiative (ZDI).

During 2011, TippingPoint -- a division of HP -- released 29 "zero-day" advisories that provided information on vulnerabilities it had reported to vendors six or more months earlier. Ten of the 29 were bugs in IBM software, six in HP's own software and five were in Microsoft products.

Other companies on the list of late-to-patch vendors included CA, Cisco and EMC.

TippingPoint, which may be best known as the sponsor of the annual Pwn2Own hacking contest, buys vulnerabilities from independent security researchers, privately reports them to vendors and then uses the information to craft defenses for its own line of security appliances.

More at :-
http://www.computerworld.com/s/article/9222829/IBM...

--
mogs CClip 81
Expert Contributor 20th Dec, 2011 12:04
Atari and Square Enix cough to exposing users' privates

Gaming security still sux
By John Leyden

Posted in ID, 20th December 2011 08:59 GMT

Atari has apologised to gamers following a security breach that exposed their names and email addresses, leaving users at heightened risk of spam as a result.

The gaming outfit blamed the fairly minor breach (no credit cards or mobile phone numbers were exposed) on problems introduced during a migration to a new cloud-based server platform. The breach came to our attention via an Atari email (extract below) forwarded by Reg reader Troy, who commented: "Well, this sounds like fun, might explain all the recent spam I have been getting".

Read more at :-
http://www.theregister.co.uk/2011/12/20/atari_gami...

--
mogs CClip 82
Expert Contributor 20th Dec, 2011 12:17
Mozilla Firefox 9 Stable Approaching Fast

The stable release for Firefox 9 is scheduled for today and it seems like the launch is in straight line, as Mozilla’s FTP location for releases has been updated with a copy of Firefox 9.

As we reported on Saturday, a release candidate for the soon-to-be-officially-launched Firefox 9 was spotted on Mozilla’s servers in the nightly builds section.

The current build, also available for download from Softpedia, has still not received the approval stamp to be pushed to the users through Firefox’s update system. But as Mozilla accustomed us, the latest versions available in the “releases” folder are generally the same builds launched officially.

The highlights for Firefox 9 include type inference, support for Do Not Track queries through JavaScript, improved support for HTML5, MathML and CSS. You can view them explained in this article.

http://news.softpedia.com/news/Mozilla-Firefox-9-S...


--
mogs CClip 83
Expert Contributor 20th Dec, 2011 13:20

Apache forges ahead with OpenOffice.org suite
Developer release planned; open source organization asserts trademark protection

By Paul Krill

InfoWorld - In its new role as steward of the OpenOffice.org open source office suite, the Apache Software Foundation expects to offer an Apache-branded version of the package for developers in 2012. Apache also is carefully guarding its trademarks.

Apache on Tuesday is releasing a statement about its OpenOffice efforts, entitled "Open Letter to the Open Document Format Ecosystem," which notes the planned 3.4 release, tentatively slated for early 2012. Adobe has just about completed with code clearance stage of the effort, said Don Harbison of the Apache OpenOffice project management committee in an interview.

Built for testing and debugging, version 3.4 is not intended to be a feature release but is geared to comply with Apache IP clearance policies. New end-user releases of OpenOffice.org eventually will follow. Improvements are eyed in areas such as digital signatures and metadata, with the suite adopting technologies from the OASIS ODF 1.2 specification. ODF is leveraged by OpenOffice.org.

More at :-
http://www.computerworld.com/s/article/9222862/Apa...

--
mogs CClip 84
Expert Contributor 20th Dec, 2011 13:34

Is anyone really using Windows 8's preview?
With a download count larger than Windows 7 beta's, Microsoft's Windows 8 preview is being used by just a fourth as many people

By Gregg Keizer
Computerworld - Although millions have downloaded Microsoft's Windows 8 developer preview, relatively few are actually using it, Web measurements show.

During November, Windows 8 powered 0.03% of the computers -- or three out of every 10,000 -- that connected to the Internet, according to data from California-based Net Applications.

That's a small increase from the 0.02% Windows 8 garnered in October, the first full month after Microsoft released a developer preview of the still-under-construction OS to the public.

But Windows 8's current numbers pale in comparison to Windows 7's very early returns three years ago.

Microsoft released the first beta of Windows 7 on January 9, 2009 -- it never offered a developer preview to the general public -- and after a server-side overload, restarted downloads the next day. Three weeks later, Windows 7 accounted for 0.13% of all operating systems, or more than four times what Windows 8 has accrued in two-and-a-half months.

More at :-
http://www.computerworld.com/s/article/9222859/Is_...

--
mogs CClip 85
Expert Contributor 20th Dec, 2011 14:48
Parental Advisory logo expanded to cover digital downloads
Online retailers and streaming sites will now include logo
By Carrie-Ann Skinner | PC Advisor | 20 December 11

The Parental Advisory logo which is displayed on CDs and DVDs and alerts Brits to content that contains explicit lyrics or scenes, has been expanded to cover digital downloads.

Online retailers Amazon, HMV, Napster UK, eMusic, 7digital and Tesco, along with music-video site Vevo, are among those that have agreed to display the logo and a link to the official Parental Advisory website, which offers information for parents about preventing kids from accessing content considered offensive or unsuitable. Apple's iTunes has been using the logo for some time already.

Geoff Taylor, chief executive of the BPI, told the Telegraph: "We know that the parental advisory logo on CDs and DVDs has been a useful tool for parents, offering them a simple means of identifying music content that may not be suitable for their children".

"We believe that parents need the same guidance when their children are downloading or streaming songs or videos online, so we have extended the logo to digital music services. Our new website gives parents the details they need."

http://www.pcadvisor.co.uk/news/security/3326296/p...

--
mogs CClip 86
Expert Contributor 20th Dec, 2011 20:49
PC users unlikely to embrace Windows 8
By Gregg Keizer,

Computerworld - Research firm IDC expects to see few Windows 8 upgrades on desktops and laptops, and it even predicts that users of conventional PCs won't show much interest in Microsoft's upcoming operating system.

Microsoft is facing a tough sell with the new operating system, IDC said, because it's trying to span two worlds by offering one platform for tablets and conventional PCs.

"Windows 8 will be largely irrelevant to the users of traditional PCs," said IDC. "We expect effectively no upgrade activity from Windows 7 to Windows 8 in that form factor."

Explaining the dour forecast, IDC analyst Al Gillen said, "Customers will be asking, 'What value does Windows 8 bring to my desktops and laptops?' And the only real value I can see is it provides access to the Windows app store."

Microsoft first confirmed in August that Windows 8 will feature access to a store; the store will open when the Windows 8 beta ships.

Gillen said that application compatibility issues, and the recent flurry of enterprise adoptions of Windows 7, will also hamper Windows 8 acceptance on PCs.

More at :-
http://www.computerworld.com/s/article/9222747/PC_...

--
mogs CClip 87
Expert Contributor 20th Dec, 2011 20:57
The KOOBFACE botnet, that’s known for using pay-per install and pay-per click mechanisms to help the masterminds that run it earn millions, has recently been upgraded with a sophisticated traffic direction system (TDS) that handles all of their traffic referenced to affiliate websites.


According to Trend Micro researchers, the TDS redirects traffic to locations that earn the crooks affiliate cash for each user they fool into accessing the specific sites.

Since Google implemented some security mechanisms that make sure botnets can no longer create fake email accounts that are highly useful for spamming and creating social media profiles, the cybercriminals began relying on Yahoo! Mail to help them with this task.

Once the email accounts are made, the botnet uses them to create other accounts on social networking sites such as Twitter, Tumblr, FriendFeed, FC2, livedoor, So-net, and Blogger.

Read more at :-
http://news.softpedia.com/news/KOOBFACE-Botnet-Use...

--
mogs CClip 88
Expert Contributor 21st Dec, 2011 18:09
Google keeps the pole position on Firefox searches

Google remains the default at Mozilla
By Dave Neal
Wed Dec 21 2011,
INTERNET SEARCH FIRM Google has retained its search engine as the default in Mozilla's Firefox web browser.
The deal will keep Google as the default search engine on Firefox for at least another three years and the organisations said it is also "significant and mutually beneficial" in terms of revenue.
"Under this multi-year agreement, Google Search will continue to be the default search provider for hundreds of millions of Firefox users around the world," said Gary Kovacs, CEO of Mozilla.
The firms did not announce any details of the deal, other than that they are both pleased about it. Google has its own stripped down web browser, Chrome, while recently Mozilla revealed in its financial reports that it makes 84 per cent of its revenue from the agreement.
"Mozilla has been a valuable partner to Google over the years and we look forward to continuing this great partnership in the years to come," added Alan Eustace, SVP of search at Google in a brief statement.

http://www.theinquirer.net/inquirer/news/2134075/g...

--
mogs CClip 89
Expert Contributor 21st Dec, 2011 18:15
Last edited on 21st Dec, 2011 18:16
Apple Safari used to exploit zero-day security hole in Windows 7
The vulnerability lets hackers inject malicious code on victim PCs through overly large Web page iFrames

By Ted Samson
Security company Secunia today announced a highly critical zero-day vulnerability affecting Windows 7, exploitable via Apple's Safari browser, of all things. Secunia confirmed that the vulnerability affects fully patched Windows 7 Professional 64-bit and cautioned that other versions may be affected.

The remotely exploitable vulnerability, caused by an error in win32k.sys, enables a hacker to run arbitrary code -- such as malware -- on a victim's machine when he or she visits a specially crafted Web page using Safari. Specifically, the Web page would simply need to contain an iFrame -- an HTML element that is typically used to pull content from other sources onto a Web page -- with an overly large "height" attribute.

The vulnerability was first made public via Twitter user "w3bd3vil," who tweeted on Sunday, "<iframe height='18082563'></iframe> causes a BSoD [blue screen of death] on win 7 x64 via Safari. Lol!"

More at :-
http://www.infoworld.com/t/security/apple-safari-u...

--
mogs CClip 90
Expert Contributor 21st Dec, 2011 18:25
Microsoft Warns of Malware Posing as Police Alerts

The ransomware imitates messages from local police, including the UK Metropolitan Police, the Spanish police, Dutch police, and many others.

Researchers at Microsoft have uncovered a new strain of malware that poses as a message from local police.

"The 'ransomware' -- malware that takes control of a user's device and demands payment to unlock the computer -- was detailed by Microsoft on Monday," writes ZDNet's Jack Clark.

"The malware imitates local country's police forces and, so far, poses as the UK's Metropolitan Police; the Spanish Police; the Dutch Police; Switzerland's Federal Department of Justice and Police; and Germany's GEMA and the German Federal Police," Clark writes.

Go to "Microsoft flags malware that poses as police" to read the details.

http://www.esecurityplanet.com/malware/microsoft-w...

--
mogs CClip 91
Expert Contributor 21st Dec, 2011 18:30
Mozilla launches Firefox 9, speeds up JavaScript
Also ships new Android edition designed for tablets

By Gregg Keizer
December 21, 2011 12:18 PM ET
Computerworld - Mozilla on Tuesday shipped Firefox 9, claiming that the new browser processes JavaScript up to 36% faster than its predecessor.

The company also patched six Firefox vulnerabilities, and released a security update to the nearly-two-year-old Firefox 3.6 to quash a single bug there.

Firefox 9, released six weeks after November's Firefox 8, uses a technology called "type inference" in its SpiderMonkey JavaScript engine to generate native code more efficiently using the JaegerMonkey JIT (just-in-time) compiler Mozilla first added to Firefox last March.

The result: Firefox 9 renders JavaScript -- the backbone of many online games, content-rich websites and advanced Web apps -- between 16% and 36% faster than Firefox 8, according to results Mozilla posted from Mozilla's Kraken, Google's V8 and the widely-cited SunSpider JavaScript benchmark test suites.

More at :-
http://www.computerworld.com/s/article/9222925/Moz...


--
mogs CClip 92
Expert Contributor 22nd Dec, 2011 09:28

Fake eBay Site Offers Cheap iPhone 4S

With the holidays approaching fast and people desperately searching for the perfect presents to buy for their loved ones and for themselves, crooks began setting up fake eBay sites that promise fabulous deals on some really cool gadgets.

Trend Micro researchers found such a website which perfectly replicates a legitimate eBay page that offers an iPhone 4S.


While the websites are almost 100% alike, the only thing that differs is the product’s price and the currency it’s traded in. Also, the fake sites are hosted on domains that are followed by /www.ebay.ie/ to trick potential victims into thinking they're real.

Once the Buy It Now button is clicked, the unsuspecting user is taken to a page that requests tons of personal information that can later be utilized by the crooks to commit fraudulent activities.



When the form is filled with the required data, instead of the actual transaction, the customer is advised to contact the seller via email.

Now, since the holidays are approaching and anyone can easily fall victim to such attempts, I will take this opportunity to remind everyone about a few basic safety tips while shopping online.

Read more at :-
http://news.softpedia.com/news/Fake-eBay-Site-Offe...

--
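The fake-eBay trick in this clip (the real brand host moved into the path) can be checked mechanically, and the same check covers the numeric-IP link described in the Apple phishing clip later in the thread. This is an added example, not part of the post or the quoted articles; `checkLink`, its reason codes and every sample URL are constructed for illustration.

```javascript
// Added example (not from the quoted articles). All URLs are constructed samples
// using reserved names and addresses (example.test, 203.0.113.0/24).

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// True only for the brand domain itself or a real subdomain of it.
// The leading dot stops "notebay.ie" or "ebay.ie.example.test" from matching.
function isUnderDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Percent-decoding can throw on malformed input; fall back to the raw string.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Decide whether a link that claims to belong to brandDomain really points there.
// Returns { ok, host, reasons } where reasons are short codes (assumed names).
function checkLink(rawUrl, brandDomain) {
  const brand = brandDomain.toLowerCase();
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { ok: false, host: null, reasons: ["unparseable-url"] };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, host: null, reasons: ["non-web-scheme"] };
  }

  // The URL parser lower-cases the host and rewrites decimal or hex
  // IPv4 spellings into the dotted form, so one regex covers them all.
  let host = url.hostname;
  if (host.endsWith(".")) host = host.slice(0, -1); // trailing-dot FQDN

  if (isUnderDomain(host, brand)) return { ok: true, host, reasons: [] };

  const reasons = ["host-not-under-brand"];
  // Numeric destination: the "chain of four numbers" (IPv6 hosts keep their brackets).
  if (IPV4.test(host) || host.startsWith("[")) reasons.push("ip-literal-host");
  // Brand string glued into some other host name.
  if (host.includes(brand)) reasons.push("brand-in-host");
  // Brand host moved into the path, as in ".../www.ebay.ie/...".
  if (safeDecode(url.pathname).toLowerCase().includes(brand)) reasons.push("brand-in-path");
  // Brand placed before an "@", where it is only a user name.
  if (safeDecode(url.username).toLowerCase().includes(brand)) reasons.push("brand-in-userinfo");
  return { ok: false, host, reasons };
}

// Constructed sample links: [url, brand the message claims to come from].
const SAMPLES = [
  ["https://store.apple.com/account", "apple.com"],
  ["http://203.0.113.7/id/update", "apple.com"],
  ["http://3405803783/id/update", "apple.com"],
  ["http://shop.example.test/www.ebay.ie/itm/iphone-4s", "ebay.ie"],
  ["http://www.ebay.ie.example.test/itm/iphone-4s", "ebay.ie"],
  ["http://www.ebay.ie@203.0.113.7/login", "ebay.ie"],
  ["HTTPS://WWW.EBAY.IE./itm/iphone-4s", "ebay.ie"],
];

function report() {
  return SAMPLES.map(([url, brand]) => ({ url, ...checkLink(url, brand) }));
}

for (const r of report()) {
  console.log(r.ok ? "OK   " : "BOGUS", r.url, r.reasons.join(","));
}
```
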
mogs CClip 93
Expert Contributor 22nd Dec, 2011 09:33
By Eduard Kovacs
Chase and Barclays Customer Accounts Targeted in Phishing Expeditions

With the holiday season quickly approaching and individuals making a lot of online transactions, cyber fraudsters pull out their old tricks from the closet and begin targeting once again the unsuspecting clients of financial institutions.


Chase and Barclays customers take the spotlight in the latest series of phishing scams discovered by GFI researchers.

Chase Bank clients are presented with a legitimate looking email that bears a link pointing to a well-designed phishing site that replicates the bank’s log-in page. After they provide the credentials, they are taken to another webpage that asks for even more sensitive details.

In the other series of emails, the ones that target Barclays customers, the recipients are warned that their accounts are suspended after someone made too many incorrect attempts to log-in.

The attached file unveils a cleverly designed form that requests tons of private data to allegedly reactivate the account. The crooks even warn that there is a time limit for the activation of the account to make sure the victims won’t hesitate in providing the valuable information.

Surname, membership number, passcode, memorable word, cardholder name, date of birth, mother’s maiden name, account number, card number, telephone passcode, CVV, and location related information are more than enough for the fraudsters to take over a bank account and make their holiday shopping.

After the information is provided, the user is redirected to the official website of Barclays, probably to make sure he won’t suspect anything until the crooks make away with the loot.

Internauts who are presented with these emails, or similar ones, are advised to delete them immediately and if there is any suspicion that the notification is legitimate, contact the financial institution involved using the contact details offered on their site, instead of using the information that may be contained in the email.

http://news.softpedia.com/news/Chase-and-Barclays-...

--
mogs CClip 94
Expert Contributor 22nd Dec, 2011 19:20

Mozilla re-releases Firefox 9, backs out fix causing crashes
Macs crash most, says Mozilla, but problem also affected Linux and Windows editions

By Gregg Keizer
December 22, 2011 12:33 PM ET
Computerworld - A day after it shipped Firefox 9, Mozilla quickly released an update after backing out a bug fix that was causing some Mac, Linux and Windows browsers to crash.

Mozilla issued Firefox 9.0.1 Wednesday, making one user wonder if it was bogus because it appeared hard on the heels of version 9.

"Seeing links for [Firefox 9.0.1], why is it being released? Or is it a hoax?" asked a user identified as "hclarkjr" on a Mozilla support forum.

Other support discussion threads also included messages from users asking why Mozilla updated Firefox.

Although Mozilla did not specify in 9.0.1's release notes why it needed to re-release the browser, developers said that the update was prompted by crash reports, primarily from Mac users, although the Linux and Windows versions were also affected.

"We built Firefox 9.0.1 with bug 708572 backed out," said Alex Keybl, an engineering project manager on Mozilla's release team, on Bugzilla yesterday, "We've pushed Firefox 9.0.1 for all platforms. Although we think Windows is mostly unaffected, we still decided to move forward with Windows->9.0.1."

More at :-
http://www.computerworld.com/s/article/9222972/Moz...

--
mogs CClip 95
Expert Contributor 22nd Dec, 2011 19:28
Remote authentication bypass vulnerability exposed for Siemens SCADA software
A security researcher upset with Siemens exposes the vulnerability in its SIMATIC SCADA software

By Lucian Constantin | IDG News Service


Google security engineer Billy Rios has publicly disclosed a remote authentication vulnerability in the Siemens Simatic software, which is used to control critical infrastructure systems worldwide.

The vulnerability was discovered back in May and was responsibly reported to Siemens, Rios said. However, according to the researcher, who found the bug in his spare time, Siemens recently denied its existence to the press.

"Since Siemens has 'no open issues regarding authentication bypass bugs,' I guess it's OK to talk about the issues we reported in May," Rios said on his blog on Tuesday. "Siemens just blatantly lied to the press about the existence of security issues that could be used to damage critical infrastructure, but Siemens wouldn't lie, so I guess there is no authentication bypass."

More at :-
http://www.infoworld.com/d/security/remote-authent...

--
mogs CClip 96
Expert Contributor 22nd Dec, 2011 19:42

Kaspersky Anti-Virus and Internet Security 2012 Vulnerable to Hackers

Medium severity vulnerabilities are found in Kaspersky Anti-Virus and Kaspersky Internet Security 2011/2012 which can allow an attacker to crash the complete software process.


Researchers from Vulnerability Laboratory found a flaw caused by an invalid pointer corruption when processing a corrupt .cfg file through the Kaspersky exception filters. The bug seems to be located in basegui.ppl and basegui.dll when a cfg file import is processed.

A proof of concept video was also published along with the disclosure.

Read more at :-
http://news.softpedia.com/news/Kaspersky-Anti-Viru...

--
mogs CClip 97
Expert Contributor 22nd Dec, 2011 19:47
CCleaner 3.14 Improves Google Chrome Canary Support

The latest build of CCleaner brings to the table several improvements and fixes; extended support for Google Chrome Canary is among the changes.

In this regard, Piriform has updated the process of cleaning areas such as saved form information, saved passwords and cookies in the web browser. Furthermore, CCleaner now brings to the table the possibility to clean “Network Action Predictor” in Google Chrome Canary.

CCleaner 3.14 also adds support for new programs, as it can clean Real Player 15, PerfectDisk 12.5 and Windows Media Center.

Additional changes include improved usability for the built-in startup manager and IE Add-on manager. Import/Export for cookies has also been bettered.

The complete set of changes for this version can be found on this page and you can download the portable version of CCleaner from here.

http://news.softpedia.com/news/CCleaner-3-14-Impro...

--
mogs CClip 98
Expert Contributor 22nd Dec, 2011 20:50
Anonymous vows internet blackout if Stop Online Piracy Act is passed
by Dave Neal

Hacktivist group Anonymous has promised to strike back with an internet blackout if the controversial Stop Online Piracy Act (SOPA) is approved.
A vote on the legislation was delayed this week and is not likely to be held until the new year. However, Anonymous suggested that this delay is a smokescreen, and that the law "further proves the reality of corporate rule and totalitarianism".
"SOPA tramples civil rights laws, fair use, freedom of press and freedom of speech. Under SOPA an average person could be arrested, fined, sued and spend time in a federal prison for as little as uploading a video to YouTube or even linking to one," Anonymous said in a statement.
The group has vowed to strike back in a big way if the legislation becomes law, and has called on its members to deface web sites with protest messages in a bid to get the anti-Act message to as many people as possible.

More at :-
http://www.v3.co.uk/v3-uk/news/2134323/anonymous-v...

--
mogs CClip 99
Expert Contributor 23rd Dec, 2011 09:07
By Eduard Kovacs
Security Experts Advise Users to Ditch Java

After installing an operating system on their computing machines, most individuals rush to install applications that help them browse the web. While many believe that without components such as Flash and Java they won’t be able to access certain content, there are always safer, more secure, alternatives.


F-Secure researchers report that many people use Java, but in reality they don’t need it, its presence only giving cybercriminals the opportunity to exploit the device it’s installed on.

The main issue is that a lot of Internet users confuse Java with JavaScript, a crucial component for the web.

“If you're running Java, but not the latest version, you're vulnerable. So either you have to check at all times that you have the latest version of Java — or get rid of it altogether,” said F-Secure’s Mikko Hypponen.

After studying the infamous Blackhole exploit kit’s control panel, the experts discovered that more than 16,000 computers were taken over using the Java Rhino vulnerability.

If you really need Java for online banking or other Internet apps, it’s recommended that you install the Java plug-in in a separate browser that you utilize only for the specific tasks, although many have discovered that after uninstalling the dangerous component, their daily activities are not affected in any way.

“Also note that Chrome has been doing a good job in sandboxing or otherwise securing risky add-ons and extensions. Many Java exploits do not work against Chrome. Also, Chrome does not use an Adobe Reader plugin to render PDF files. This is good news, as Chrome is quickly becoming the most common browser on the planet,” Hypponen adds.

The bottom line is that third party components present a lot of security flaws which can be easily taken advantage of by hackers. Those who need to use them are advised to keep them updated at all times, but also check out the newer, more secure, alternatives.

http://news.softpedia.com/news/Security-Experts-Ad...

--
mogs CClip 100
Expert Contributor 23rd Dec, 2011 10:39
By Eduard Kovacs
Hacked Friend: I’ve Been Mugged; Send Money.
During the holidays, when people tend to travel more, you can expect an email from one of your friends who desperately needs your help after he's been mugged and left without a dime. In many situations, this means that the friend’s email has been compromised and the hackers are relying on it to send their malicious schemes.


The clever technique utilized by cybercrooks these days is presented to us by Microsoft researchers.

The phony email, that seems to be a legitimate one, sent by a person from your contact list may look something like this:

I hope you get this on time, I made a trip to Edinburgh Scotland, and had my bag stolen from me with my passport and personal effects therein. The embassy has just issued me a temporary passport but I have to pay for a ticket and settle hotel bills.

I've made contact with my bank but it would take me days to access funds in my account from Edinburgh, I need you to lend me some funds to cover these expenses. I can give back to you as soon as I get in.

I can be reached by email, as I lost my phone in the robbery and don't have access to a phone at the moment.

Individuals who receive the scam emails are advised to alert their friends and recommend them to change the password. If the password has already been changed, they can utilize the reset password features, considering that they provided an alternative email address and a secret question when the hijacked account was created.

Hotmail customers can also notify Microsoft on the fact that their friend’s assets were compromised by using the My friend’s been hacked tool. The tool is easy to use and can be found in the Mark as menu.

http://news.softpedia.com/news/Hacked-Friend-I-ve-...

--
mogs CClip 101
Expert Contributor 23rd Dec, 2011 12:01

Windows 8 picture password is 'Fisher-Price toy,' says father of 2-factor authentication
'I don't think it's serious security,' says Kenneth Weiss of next Microsoft OS security feature

By Tim Greene

The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token.

"I think it's cute," says Kenneth Weiss, who now runs a three-factor authentication business called Universal Secure Registry. "I don't think it's serious security."

The major downside of the picture password is that drawing a finger across a photo on a touch screen is easy to video record from a distance -- making it relatively easy to compromise, he says. Designers of alpha-numeric passwords recognize this danger and have responded to it by having password characters appear as dots on the screen so the password can't be copied down.

Designers of Windows 8's picture login have made a traditional password an alternative, perhaps in acknowledgement of this shortcoming, he says.

Other problems include backing up the touch pattern that is the login. "To put down a description of the sequence is possible, but that's a lot of writing," he says.

All in all, "It's more like a Fisher-Price toy than a serious choice for secure computer access," he says.

Still, it's better than nothing, he says, and it is raising awareness of login security.

Windows 8 (See also: "8 hot features in Windows 8") is the next version of the Windows operating system, now due for beta release in February. It's expected to be generally available later next year featuring touchscreen navigation and commands as well as support for tablets. Not all apps that run on Windows 7 will be compatible with the touchscreen capabilities, but mouse and keyboard devices will enable all apps that ran on Windows 7.

The new operating system shoots for power efficiency, better security and compatibility with ARM-based chips (read tablets and next-generation PCs), all of which could make Windows 8 attractive to businesses.

http://www.infoworld.com/d/security/windows-8-pict...

--
mogs CClip 102
Expert Contributor 23rd Dec, 2011 17:32
Microsoft Confirms Windows 7 Vulnerability

Microsoft representatives posted a message on their German Chief Security Advisory Blog in which they confirm the vulnerability found a few days ago by WebDevil who showed that by accessing a specially crafted HTML file in Safari someone would be able to crash the operating system.


The researchers claim that the weak point lies in a Windows component and not the browser, but since browsers are mostly responsible for calling the specific function, it’s believed that other browsers such as Internet Explorer versions prior to 9 could be affected.

At the moment, Microsoft is in contact with Apple trying to figure out what exactly causes this behavior.

They didn’t manage to reproduce the flaw in the 32-bit versions of Windows 7 and they state that it’s unlikely for someone to abuse this vulnerability.

“In addition, our colleagues in the US do not believe that the vulnerability is capable of infecting Windows systems with malware,” Michael Kranawetter said. “Microsoft is not aware of any attacks targeting the vulnerability.”

For now, it’s very unlikely that Microsoft will publish a security advisory, but since the investigation still continues the final decisions are yet to be made.

More at :-
http://news.softpedia.com/news/Microsoft-Confirms-...

--
mogs CClip 103
Expert Contributor 23rd Dec, 2011 17:41

Rift Developer Trion Worlds Hacked

Written by
Jon Martindale

Trion Worlds, the developer behind the massive multiplayer online (MMO) game Rift, has had its servers hacked, losing information that includes user names, passwords, email addresses, billing addresses and credit card information.

This announcement was made on the official Trion website and through an email sent to subscribers and anyone who's previously held an account with the firm. It describes that almost every piece of stored information about the company's users was taken, including: "user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards."

Trion was quick to point out that "There is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way." Well that's good at least right? At least Trion didn't let the hackers take everything, they only took almost everything.

The tone of the entire email is equally unattached, describing the hack as "recent" but not providing a time frame of when it might have occurred or how long Trion has known about it. Don't worry though, the developer saw fit to highlight in bold the following section of text which is obviously the most important part about the hack:


"You should have continued, uninterrupted access to RIFT, and we do not anticipate any disruptions to your playing time."

Throughout the communication there is only one apology and it's for the inconvenience, not for entrusting our information to an unsecured server.



Read more: http://www.itproportal.com/2011/12/23/rift-develop...

--
mogs CClip 104
Expert Contributor 28th Dec, 2011 01:08
HP Releases Firmware Update to Prevent Unauthorized Access

After Columbia University researchers Ang Cui and Salvatore Stolfo found a vulnerability in HP LaserJet printers that could allow a hacker to remotely control it to launch cyberattacks, steal information and in some scenarios even set it on fire, HP released a firmware update to mitigate the issue.


“HP has built a firmware update to mitigate this issue and is communicating this proactively to customers and partners. No customer has reported unauthorized access to HP,” reads the company’s statement.

“HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.”

While this may all be good, what the researchers demonstrated back in November has raised a lot of controversy. Some even sued the company for not warning their customers on the presence of the vulnerabilities, especially since earlier reports showed that high-level security risks did exist in printers.

Read more at :-
http://news.softpedia.com/news/HP-Releases-Firmwar...

--
mogs CClip 105
Expert Contributor 28th Dec, 2011 01:13

Opera 11.61 to Be Released in January

The exact date for a new stable build of Opera 11 to pop up has not been set yet, but Opera 11.61 is planned for release in the first month of 2012. In the meantime, the development team of the browser pushed out a test snapshot for the next stable version.

The set of modifications available in this Opera 11.61 release includes mending of crashes occurring in specific scenarios, such as closing feeds tab while dialog is open or when closing a tab that has the Star menu opened. Also, NFL.com no longer crashes on systems equipped with Ad Muncher.

Some repairs to the mail module have also been operated, permitting updating the mail from version 9.27 without crashing the browser. Additionally, new mails are no longer sorted by date behind old messages.

Note that Opera 11.61 snapshot defaults to installing over the stable version. Check out the full changelog on this page.

http://news.softpedia.com/news/Opera-11-61-To-Be-R...

--
mogs CClip 106
Expert Contributor 28th Dec, 2011 01:20

Your browser can only protect you so much from phishing attacks; Here are three common problems caused by phishing, and how to solve them

By Bill Snyder | CIO.com


Figures don't lie, the old aphorism goes, but liars can figure. And after nearly 20 years covering technology, I've realized that you could update that saying to: Benchmarks don't lie, but liars can benchmark.

What brings this to mind is a nasty war of words between Microsoft and Mozilla, the publishers of Firefox, over whose browser is more secure. Both are pointing fingers at the other, claiming that their benchmarks really tell the tale.

I'm not saying any of these folks are actually lying, but they're using benchmarks and other statistics to prove a point they want to make and make themselves look as good as possible. My advice is to ignore the argument; the only people who really care about it are the people who work for one side or the other, and tech writers who love nothing more than conflict. As it happens, all three of the major browsers -- Microsoft's Internet Explorer, Mozilla's Firefox, and Google's Chrome -- are more than secure enough for most consumers and businesses.

That's not to say you can forget about security on the Web. The browser is part of your defense, but a bigger part is your brain. That's right, the smart user who pays attention to what he or she sees on the screen is always safer, particularly against a very nasty tactic called "phishing."

By now you've probably heard of phishing. It's an email or Tweet or Facebook message that appears to come from someone you know or an institution you do business with, like your bank or credit card company. It will contain a link that might do something as harmless, though annoying, as taking you to a site to look at advertising you don't want to see, or in the worst case, download malware onto your computer.

Browsers and your basic security software will detect many phishing attacks, but not all. So, I'll repeat what you should already know. If a message looks odd, look carefully at the address. If you see something from say Chase, that comes from chase@online.com (that came to me the other day), delete it. In fact, never click on a link in an email unless you know for sure who sent it.

Read more at :-
http://www.infoworld.com/d/security/3-ways-save-yo...

--
mogs CClip 107
Expert Contributor 28th Dec, 2011 01:26

Report: Phishing attack targets Apple customers
By Jason Snell
December 26, 2011 02:40 PM ET
Macworld - A "vast phishing attack" that attempts to capture the credit card information of Apple customers was launched on Christmas day, according to a report from Mac security-software company Intego.

In a posting on its Mac Security blog, Intego says that the attack is an attempt to fool Apple customers into clicking on a link under the guise of updating the billing information of their Apple accounts.

If you click on the link in the message, you will be taken to a realistic looking sign-in page, then, after entering your Apple ID and password, you'll be taken to a page asking you to update your account profile, notably entering your credit card information. Again, this page looks realistic, and many of the elements it contains are taken from Apple's own webpages.

Intego reports that the messages are being sent with the subject "Apple update your Billing Information" from a spoofed email address of "appleid@id.apple.com," though of course future emails from the same source might vary somewhat.

If you hover your mouse over the hyperlink in the (impressively forged) email address, you'll see a floating box that reveals the real destination of that link: the telltale chain of four numbers that specifies a numeric IP address, rather than a link to somewhere within the apple.com domain. As Intego rightly points out, "if it's not something.apple.com (it could be www.apple.com, store.apple.com, or something else), then it's bogus."

More at :-
http://www.computerworld.com/s/article/9223023/Rep...

--
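The hover check described in the post above can be automated for mail triage. The following is an added example, not part of the quoted article or of Intego's report: it applies the "something.apple.com" rule to every link in a message body. The sample message, the function names and the 203.0.113.7 address (a documentation range) are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "apple.com"  # the domain the quoted rule is written for

# Constructed sample body: visible link text and real destination disagree.
SAMPLE_EMAIL = """
<p>Dear customer, please update your billing information:</p>
<a href="http://203.0.113.7/apple/update">https://appleid.apple.com/billing</a>
<a href="https://www.apple.com@203.0.113.7/login">Apple ID sign-in</a>
<a href="http://apple.com.billing-update.example/">store.apple.com</a>
<a href="https://store.apple.com/account">Apple Store</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(href, trusted=TRUSTED_DOMAIN):
    """Judge a link by its real destination host, never by its visible text."""
    parts = urlsplit(href)
    # .hostname drops any "user@" prefix, so "www.apple.com@203.0.113.7"
    # resolves to the host the browser would actually contact.
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme not in ("http", "https") or not host:
        return "skip: not an http(s) link"
    try:
        ipaddress.ip_address(host)
        return "bogus: numeric IP address"
    except ValueError:
        pass  # not an IP literal, so compare the name against the trusted domain
    # Match the whole domain or a true subdomain. A bare suffix test would
    # wrongly accept "notapple.com"; a prefix test would accept
    # "apple.com.billing-update.example".
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    return "bogus: host is outside " + trusted


def audit_email(html_body):
    """Return (visible text, href, verdict) for each link in the message."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, href, classify_link(href)) for href, text in collector.links]


if __name__ == "__main__":
    for text, href, verdict in audit_email(SAMPLE_EMAIL):
        print(f"{verdict:38} {href}  (shown as: {text})")
```
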
mogs CClip 108
Expert Contributor 28th Dec, 2011 10:08
Japanese boffins crack arse-based ID recognizer

For two per cent it’s a bum rap
By Iain Thomson in San Francisco
Posted in Security, 27th December 2011 21:08 GMT

Researchers at Japan’s Advanced Institute of Industrial Technology have developed a seat that can identify the user by the shape and heft of their buttocks.

The seat, currently designed for use in the car industry, contains 360 sensors measuring pressure points, on a scale of one to 256, and uses the data to build a US-style fanny fingerprint of the designated driver. The system is 98 per cent accurate, associate professor Shigeomi Koshimizu told Physorg.


http://www.theregister.co.uk/2011/12/27/japanese_b...

--
mogs CClip 109
Expert Contributor 28th Dec, 2011 10:12
phpMyAdmin Update Patches Two Security Flaws

Version 3.4.9 patches vulnerabilities that could be exploited for XSS attacks.

December 26
Version 3.4.9 of phpMyAdmin was recently released.

"The update fixes vulnerabilities in the phpMyAdmin setup interface and the export panels in the server, database and table sections that could be exploited for cross-site scripting (XSS) attacks," The H Security reports.

"All 3.4.x versions up to and including 3.4.8 are affected -- upgrading to 3.4.9 corrects the issues," the article states.

Go to "phpMyAdmin 3.4.9 fixes XSS vulnerabilities" to read the details.

http://www.esecurityplanet.com/patches/phpmyadmin-...

--
mogs CClip 110
Expert Contributor 28th Dec, 2011 10:16
FreeBSD Releases Five Security Advisories

One of the flaws was being actively exploited in the wild, according to FreeBSD security officer Colin Percival.

December 27
FreeBSD security officer Colin Percival recently announced the release of five security advisories, just in time for Christmas.

"According to Percival, the developers had to do it because one of the flaws, a remote root vulnerability in telnetd, was being actively exploited in the wild and that, while 'most people have moved past telnet and on to SSH by now,' the security problem was not 'an issue we could postpone until a more convenient time,'" The H Security reports.

"The telnetd advisory notes that the daemon has been disabled by default in FreeBSD since August 2001 and that, although there is no workaround, just disabling the telnetd daemon will eliminate the possibility of an attacker using it to run arbitrary code with the daemon's privileges," the article states.

Go to "FreeBSD issues five security advisories for Christmas" to read the details.

http://www.esecurityplanet.com/open-source-securit...

--
mogs CClip 111
Expert Contributor 28th Dec, 2011 10:21
Embedded attacks and emerging targets to dominate 2012 security landscape

McAfee has painted a gloomy security picture for 2012 in which enterprises and criminals shift to new platforms and tactics for securing and infiltrating networks.
The company's 2012 Threat Predictions Report said that attacks on industrial systems and embedded hardware will continue as utility companies increasingly use network-connected systems to control infrastructure.

Dave Marcus, head of research and communications at McAfee Labs, told V3 that the danger of attack on industrial systems could be compounded as hacktivist groups such as Anonymous shift to political protests.
"The embedded attacks have been talked about for a while, but it was only in 2011 that it started taking off. There is a lot more discussion going on than ever before," he said.
McAfee also predicts an increase in the use of phoney or compromised digital certificates, such as the Diginotar breach, to spread malware and launch targeted attacks.

Read more at :-
http://www.v3.co.uk/v3-uk/news/2134518/embedded-at...

--
mogs CClip 112
Expert Contributor 28th Dec, 2011 17:03

Security headlines you'll never read
News about successful hacks isn't news at all because no one is doing security right and everyone's been breached
Whenever I read another article about how Company X or University Y or Governmental Organization Z was "recently" hacked -- usually "by the Chinese" -- I can't help but chuckle. Those headlines -- the most recent about the U.S. Chamber of Commerce -- shouldn't read, "Company X was hacked!" They should read, "Company X has been hacked for years but just now noticed!"

Headlines that, to me, would truly be newsworthy include:

"Company fully patches Java and Adobe products"
"Organization trains end-users to recognize basic social engineering attacks"
"IT department reviews all its event logs"
"Company runs SQL database app without SQL injection exploits"
"Prominent corporate website not subject to XSS exploits"
"Company knows where all of its data is"

Stories about successful attacks are old news because everyone's already been hacked. You won't find a decent computer security expert who'll tell you otherwise. I'm dumbfounded by the fact that, despite the severity of the problem, we still aren't doing anything differently to protect ourselves.

How do these "uber" hackers pull off the types of attacks that make headlines? By exploiting unpatched software, taking advantage of poor passwords, targeting an application vulnerability, or duping one or more users into running something they shouldn't. It's a short and simple list, but apparently no one is taking the simple steps needed to protect themselves.

On a broader level, how bad does it have to be before we, as a society, demand that our leaders get together to fix the Internet already -- before a catastrophe occurs?

http://www.infoworld.com/d/security/security-headl...

--
mogs CClip 113
Expert Contributor 28th Dec, 2011 18:29
Millions of Wireless Routers Exposed to Brute Force Attacks

A design flaw recently discovered in the WiFi Protected Setup (WPS) could make it easier for hackers to launch a brute force attack on the PIN of a device since they can easily find out when the first half of the 8 digit PIN is accurate.


The United States Computer Emergency Readiness Team (US-CERT) was recently informed on the issue by security researcher Stefan Viehbock who found the weakness.

WPS, the computing standard developed to make it easier for users to secure home wireless networks, contains an authentication method called “external registrar” that only requires the router’s PIN to allow access.

It turns out that by design this method is susceptible to a brute force attack against the device's PIN.

Read more at :-
http://news.softpedia.com/news/Wireless-Routers-Ex...

--
mogs CClip 114
Expert Contributor 29th Dec, 2011 04:47
Last edited on 29th Dec, 2011 05:04
Microsoft announces ASP.NET zero-day vuln

Workaround ahead of patch
By Richard Chirgwin

Posted in Security, 28th December 2011 22:33 GMT

Just in case anybody’s got a BOFH working at the moment, pay attention: Microsoft has released a security advisory covering a zero-day vulnerability in ASP.NET.

“The vulnerability exists due to the way that ASP.NET processes values in an ASP.NET form post causing a hash collision,” the advisory says. The vulnerability exposes users to denial-of-service attacks.


An attacker could craft an HTTP request containing thousands of form values, which would consume all of the CPU resources of the target machine. Sites serving only static pages are not vulnerable to the attack. “Sites that disallow application/x-www-form-urlencoded or multipart/form-data HTTP content types are not vulnerable”, the advisory states.

Microsoft is not yet aware of any exploits in the wild.

A workaround ahead of the patch, according to the advisory, is to set a limit on the size of HTTP request the server will accept.
http://www.theregister.co.uk/2011/12/28/ms_zero_da...

MS Security Advisory at :-
http://technet.microsoft.com/en-us/security/adviso...

--
mogs CClip 115
Expert Contributor 29th Dec, 2011 10:10
Written by Ravi Mandalia

29 December, 2011

Last week unknown hackers invaded Chinese cyberspace and stole personal credentials belonging to millions of the country's netizens. And, to make things worse for the victims, now it seems like all the stolen information including their names, email ID, password etc. have been posted online.

According to reports, the Chinese Software Developer Network (CSDN) was breached in the incident and its user database has been made available for public download. The database reportedly contains the emails and passwords of all its 6 million registered users.

The Chinese Software Developer Network happens to be the most popular website in the country for programmers.



Read more: http://www.itproportal.com/2011/12/29/hackers-stri...

--
mogs CClip 116
Expert Contributor 29th Dec, 2011 10:19

December 29th, 2011, 07:40 GMT · By Eduard Kovacs
Microsoft Releases Out-of-Band Security Bulletin for ASP.NET/IIS on All Windows Versions

On December 29, 2011, at 10:00 AM Pacific Time Microsoft will release an out-of-band security update to address a critical security flaw found in ASP.NET, that affects all supported versions of the .NET framework, which could allow for an unauthenticated denial-of-service (DoS) attack on servers that serve ASP.NET webpages.


These attacks that exploit hash tables, known as hash collision attacks, are not specific to Microsoft technologies, but other web service software providers may be affected.

The weakness exists because of the manner in which ASP.NET processes values in ASP.NET form post. An attacker could send a small number of specially crafted posts to an ASP.NET server, causing the machine’s performance to decrease enough to cause a DoS condition.

While the information is out there and hackers could take advantage of it, Microsoft is unaware of any active attacks that rely on this flaw.

Until the update is released, users should know that by default IIS is not enabled on currently supported versions of the operating system and sites that don’t allow application/x-www-form-urlencoded or multipart/form-data HTTP content types are not susceptible to an attack.

Basically, sites that only serve static content or those that disallow the dynamic content types mentioned above are not vulnerable.

The update will be made available for all versions of Windows, including Windows XP Service Pack 3, Windows Server 2008 and Windows 7 for 64-bit systems. All Windows operating system users are advised to install the update as soon as it’s released to prevent any unfortunate incidents.

For now, there are no further details on the issue that affects Windows 7 64-bit, but judging by what Microsoft revealed on its German blog last week, it’s unlikely that something might be done too soon. They haven’t provided any more details on that certain issue, last time we heard from them the problem was still being investigated.

http://news.softpedia.com/news/Microsoft-to-Releas...

--
mogs CClip 117
Expert Contributor 29th Dec, 2011 12:32

Apache Tomcat Workaround for Hashtable Collision DoS Vulnerability

A couple of researchers found that a critical vulnerability affects most web application frameworks, allowing a cybercriminal to launch denial-of-service (DoS) attacks. Since Apache Tomcat web server is among the ones affected, the Tomcat security team came forward with a workaround for the issue.


Apache Tomcat is vulnerable to the flaw rooted in the Java hashtable implementation because it utilizes a hashtable for storing HTTP request parameters and since Oracle doesn’t plan on fixing the problem in the JRE, Tomcat has implemented a workaround for it.

More to read at :-
http://news.softpedia.com/news/Apache-Tomcat-Worka...

--
mogs CClip 118
Expert Contributor 29th Dec, 2011 12:36
Ruby Flaw Allows Hackers to Launch DoS Attacks

A serious vulnerability that could allow a cybercriminal to issue a denial-of-service (DoS) attack on Ruby was found. The attack is possible with the aid of a specially crafted series of strings that collide their hash values.


The deterministic hash function used to hash a string in the 1.8 series of Ruby, which makes sure that no other bits of information than the input string itself is involved in generating the hash value, allows for the string’s hash value to be pre-calculated beforehand.

“By collecting a series of strings that have the identical hash value, an attacker can let Ruby process collide bins of hash tables (including Hash class instances),” reads the issue’s description.

“Hash tables' amortized O(1) attribute depends on uniformity of distribution of hash values. By giving such crafted input, an attacker can let hash tables work much slower than expected (namely O(n²) to construct a n-elements table this case).”

All the versions of Ruby 1.8.7-p352 and prior are affected by the issue, but the 1.9 series are off the hook since they don’t share the same hash implementations.

More at :-
http://news.softpedia.com/news/Ruby-Flaw-Allows-Ha...

--
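The O(n²) cost quoted in the post above can be measured directly. The following is an added example, not code from the quoted article or from Ruby: it counts key comparisons in a small chained hash table, first with a deterministic hash and then with a hash keyed by a per-process secret. The byte-sum hash is a toy chosen so that collisions are easy to see (it is not Ruby's function), and the field cap is an assumption standing in for the request-size limit mentioned in the ASP.NET advisory posts.

```python
import hashlib
import itertools
import os

BUCKETS = 1024


def toy_hash(key: str) -> int:
    """Deterministic toy hash: depends on nothing but the input string."""
    return sum(key.encode())


def make_keyed_hash(secret: bytes):
    """Hash mixed with a secret, so bin placement cannot be pre-computed."""
    def keyed(key: str) -> int:
        digest = hashlib.blake2b(key.encode(), key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "big")
    return keyed


class ChainedTable:
    """Hash table with chained bins that counts every key comparison."""

    def __init__(self, hash_fn, buckets=BUCKETS):
        self.hash_fn = hash_fn
        self.bins = [[] for _ in range(buckets)]
        self.comparisons = 0

    def insert(self, key, value):
        chain = self.bins[self.hash_fn(key) % len(self.bins)]
        for entry in chain:
            self.comparisons += 1  # one string comparison per chained entry
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])

    def longest_chain(self):
        return max(len(chain) for chain in self.bins)


def build(keys, hash_fn, max_keys=None):
    """Insert all keys; optionally refuse oversized input before hashing it."""
    if max_keys is not None and len(keys) > max_keys:
        raise ValueError(f"{len(keys)} fields exceeds limit of {max_keys}")
    table = ChainedTable(hash_fn)
    for key in keys:
        table.insert(key, True)
    return table


def same_hash_keys(n):
    """n distinct keys with one toy_hash value: reorderings of one string."""
    perms = itertools.permutations("abcdefgh")
    return ["".join(p) for p in itertools.islice(perms, n)]


def report(n=2000):
    keys = same_hash_keys(n)
    weak = build(keys, toy_hash)
    strong = build(keys, make_keyed_hash(os.urandom(16)))
    return {
        "n": n,
        "deterministic_comparisons": weak.comparisons,  # n*(n-1)/2
        "deterministic_longest_chain": weak.longest_chain(),
        "keyed_comparisons": strong.comparisons,
        "keyed_longest_chain": strong.longest_chain(),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:30} {value}")
```

With the deterministic hash every key lands in one bin, so building the table costs n(n-1)/2 comparisons; with the keyed hash the same keys spread across bins and the count stays close to linear.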
mogs CClip 119
Expert Contributor 29th Dec, 2011 12:43
McAfee Predicts High Profile Industrial Attacks in 2012

Written by Ravi Mandalia
29 December, 2011

Security software provider McAfee has claimed that the coming year could witness more sophisticated and organised cyber attacks on high-profile targets all across the globe and more hacktivist groups are likely to emerge in 2012.

McAfee claimed that there will be an increase in threat from spam attacks targeting digital wallets and virtual currencies. The possibilities of many world governments engaging one-another in cyber wars can't be ruled out, McAfee stated.

The McAfee 2012 Threat Prediction report also highlighted on the point that industries and corporates are likely to be on the priority lists of hackers throughout the world.


Most of the organised hack attacks carried out during the current running year were primarily targeted at global corporations as well as government offices and financial hubs. And, if we are to believe McAfee's report, the trend will not only sustain, but will significantly rise.



Read more: http://www.itproportal.com/2011/12/29/mcafee-predi...

--
mogs CClip 120
Expert Contributor 29th Dec, 2011 16:13
IPv6 doomsday won't hit in 2012, experts say
As old addresses disappear, most enterprises can spend the year preparing for the new protocol

By Stephen Lawson
December 29, 2011 06:07 AM ET
IDG News Service - Next year will see one more regional Internet registry run out of IPv4 addresses, but 2012 will be more of a year to prepare for the inevitable shift to IPv6 than an Internet doomsday, according to networking experts.

By midyear, Europe's RIPE NCC (Réseaux IP Européens Network Coordination Centre) is expected to allocate the last of its addresses under the version of Internet Protocol used by most consumers and enterprises now. That event will follow the depletion in April of addresses controlled by APNIC (Asia-Pacific Network Information Centre), the first of the five regional registries to run out of addresses for enterprises and service providers.

Read more at :-
http://www.computerworld.com/s/article/9223064/IPv...

--
mogs CClip 121
Expert Contributor 29th Dec, 2011 16:27
Hacked Stratfor security think tank keeps site offline

Participants in the hacktivist group Anonymous are using Twitter to provide more detail about the attack

Hacked US security firm Stratfor has told its subscribers that it may take a week or even longer to restore its website.

The site went offline on 24 December.

Hackers have posted credit card details, email addresses, phone numbers and encrypted passwords which they said were taken during the attack.

Stratfor has said it will pay for a credit card fraud protection service for members whose payment details might have been compromised by the breach.

Tweets posted on accounts linked to the hacktivist group Anonymous said that the US Department of Defense, the defence firm Lockheed Martin and Bank of America were among Stratfor's clients.

A recent message posted by @YourAnonNews added that other parties affected by the hack included Google, American Express, Coca-Cola, Boeing, Sony, Microsoft and the mining group BHP Billiton.

More at :-
http://www.bbc.co.uk/news/technology-16352891

--
mogs CClip 122
Expert Contributor 29th Dec, 2011 17:12
The wait for VLC 1.2.0 is close to an end as the development team just launched a pre-release for this version.

It is a major version, so changes abound; they affect packagers, codecs, demuxers, audio filters and output and video filters. Additionally, a hefty set of modules has been removed.

One important note for Windows users is that this version works only with Windows XP SP2 or later. Earlier Windows editions (Windows 2000 SP4, Windows XP < SP2, Windows 2003 SP0) are no longer supported.

Also important is the fact that almost every video filter can now be transcoded and it can be ported to mobile operating systems (Android and iOS) as well as 64-bit Windows.

Blu-ray support relies on the VideoLAN project libbluray and it can currently open unencrypted disks and backup folders; for commercially encrypted media a special setup is required.

Download VLC for Windows
http://news.softpedia.com/news/VLC-1-2-0-Pre-relea...

--
mogs CClip 123
Expert Contributor 29th Dec, 2011 20:15

Websites, apps vulnerable to low-bandwidth, bot-free takedown, say researchers
Microsoft rushes out emergency update for ASP .Net, first 'out-of-band' in 2011

By Gregg Keizer
December 29,
Computerworld - Hackers armed with a single machine and a minimal broadband connection can cripple Web servers, researchers disclosed Wednesday, putting uncounted websites and Web apps at risk from denial-of-service attacks.

In a security advisory issued the same day, Microsoft, whose ASP .Net programming language is one of several affected by the flaw, promised to patch the vulnerability and offered customers ways to protect their servers until it releases an update.

In a follow-up message, Microsoft announced it was shipping an "out-of-band," or emergency update today. The update was released at 1 p.m. ET. Designated MS11-100, it also fixed three other bugs in ASP .Net, one tagged "critical." None of those three had been disclosed publicly prior to today.

The problem that caused a stir in the security community exists in many of the Web's most popular application and site programming languages, including ASP .Net, the open-source PHP and Ruby, Oracle's Java and Google's V8 JavaScript, according to two German researchers, Alexander Klink and Julian Walde.

Klink and Walde, who presented their findings at the Chaos Communication Congress (CCC) conference in Berlin on Wednesday, traced the flaw to those languages' -- and others' -- handling of hash tables, a programming structure used to quickly store and retrieve data.

More at :-
http://www.computerworld.com/s/article/9223069/Web...

--
mogs CClip 124
Expert Contributor 30th Dec, 2011 09:21
December 30th, 2011, 06:44 GMT · By Eduard Kovacs
Microsoft Releases Security Update for DoS Issue in ASP.NET

Microsoft rushed to release an out-of-band security update to resolve a denial-of-service (DoS) issue that affected ASP.NET versions 1.1 and later on all supported variants of the .NET framework. A large number of web platforms are affected by the hash collision problem, but the Redmond company was among the first to act on it.


The MS11-100 security bulletin fixes a vulnerability that exists in the way ASP.NET hashes specially crafted requests. The hash collisions that occur when malicious data is inserted into hash tables could overwhelm a server’s CPU resulting in a DoS condition.

Besides this, other weaknesses are resolved in the latest security update.

A phishing attack could be launched by a hacker using a spoofing vulnerability that verifies return URLs during the form authentication process. By exploiting this flaw, an attacker is able to redirect a user to a malicious website that’s cleverly set up to obtain private information.

An authentication bypass vulnerability that exists in ASP.NET forms is more difficult to exploit, but if an attacker manages to register an account on the application and knows the name of the targeted account, he could utilize a special web request to initiate any action, including code execution, using the targeted account.

Finally, an authentication ticket caching weakness allows for a cybercriminal to execute arbitrary code due to the way cached content is handled by the framework when Forms Authentication is used with sliding expiry.

Combined with some social engineering, an attacker could send potential victims, ones with elevated privileges, a specially crafted link.

Microsoft is not aware of any attacks taking place in the wild using these vulnerabilities, but to prevent any unfortunate incidents, users are advised to install the update.

Other web programming language and platform vendors are also working on addressing the hash collision issues and until permanent solutions are out, clever workarounds were proposed.

http://news.softpedia.com/news/Microsoft-Releases-...

--
mogs CClip 125
Expert Contributor 30th Dec, 2011 09:38
Wi-Fi Protected Setup easily unlocked by security flaw

Couple of hours of brute force will crack a network's PIN
By Bill Ray

Posted in Security, 29th December 2011 15:51 GMT

Security researcher Stefan Viehböck has demonstrated a critical flaw in the Wi-Fi Protected standard that opens up routers to attack and has prompted a US-CERT Vulnerability notice.

Wi-Fi Protected Setup (WPS) is used to secure access to wireless networks and requires each router to have a unique eight-digit PIN. One mode of use allows a device to connect by just presenting that PIN, opening the way for a client to just try every available PIN. Worse still, the protocol splits the PIN into two halves which reduces the attack time to a couple of hours.

Read more at :-
http://www.theregister.co.uk/2011/12/29/wi_fi_not_...

--
mogs CClip 126
Expert Contributor 30th Dec, 2011 09:41
Kaspersky claims ‘smoking code’ linking Stuxnet and Duqu

Warns of three other unknown variants
By Iain Thomson in San Francisco

Posted in Security, 30th December 2011 00:54 GMT

Researchers at Kaspersky Lab are claiming to have found proof that the writers of the Stuxnet and Duqu malware are one and the same, and are warning of at least three new families of advanced malware potentially in circulation.

Security experts have been debating if the two code groups are by the same authors, but the evidence has been inconclusive. An analysis by NSS last month suggested that the two were linked, but this might be down to reverse engineering, rather than the original coding.

Alexander Gostev, chief security expert at Kaspersky Lab, said that researchers had examined drivers used in both Stuxnet and Duqu and concluded that a single team was most likely behind them both, based on the timing of their creation and their methods of interacting with the rest of the malware code.

More at :-
http://www.theregister.co.uk/2011/12/30/kaspersky_...

--
mogs CClip 127
Expert Contributor 30th Dec, 2011 17:49

RoboForm 7.6.8 Released

There are plenty of fixes available in RoboForm 7.6.8, some of them addressing problems with various web browsers (Firefox, Google Chrome, Opera, Avant, Internet Explorer and Maxthon).

Issues repaired range from failure to fill in the data on some websites, trouble closing RoboForm toolbar at the bottom of the browser or preventing sending mail on Outlook Web Access sites to synchronization malfunctioning.

Mending process also put the password generator in the crosshairs, as some minor bugs have been eliminated. Other fixes refer to AutoSave bar with password request, which would close without saving when pressing Enter.

RoboForm 7.6.8 switched to version 9 of Gecko SDK, as it is the official engine in the latest stable release of Firefox.

As for the new abilities, RoboForm 7.6.8 comes with the possibility to import database from SplashID, a password manager designed for mobile devices.

You can download RoboForm from this page

http://news.softpedia.com/news/RoboForm-7-6-8-Rele...

--
mogs CClip 128
Expert Contributor 30th Dec, 2011 17:54
China seeks to combat hi-tech crimewave

The Chinese government is cracking down on home-grown cyber thieves seeking to steal online banking details.

The crackdown combats phishing by ensuring that the websites of legitimate banks appear at the top of search results.

The move comes as the personal details of more than 45 million Chinese people were stolen in separate attacks.

The government is investigating the thefts and said that the wave of attacks "threatened internet safety".

Crime spree
The 10 biggest search engines in China have signed up to the anti-phishing scheme to ensure that users looking for bank websites go to the right place.

More at :-
http://www.bbc.co.uk/news/technology-16357238

--
mogs CClip 129
Expert Contributor 30th Dec, 2011 18:04
Last edited on 30th Dec, 2011 18:05
Find and remove malicious software with McAfee Stinger
McAfee Stinger is an antivirus scanner intended to be used if you think a computer has been infected.
It doesn't provide any active protection like a full anti-virus program but is a useful tool to copy onto a USB memory key or CD so that you can scan a computer that is acting strangely.
There is no installation required for Stinger: simply run the downloaded file.
There are some preferences that can be set although the defaults are quite acceptable. Stinger can be set to scan for suspicious processes, registry entries, boot sectors and rootkits. It can merely report on viruses although it is set to repair them by default.


Read more: http://www.computeractive.co.uk/ca/download-review...


--
mogs CClip 130
Expert Contributor 31st Dec, 2011 00:18
2012 tech predictions: From IDG's editors worldwide
Consumerization of IT is the consensus choice of the new year's major technology force, one that will manifest itself in several forms

By David Bromley | InfoWorld

What is 2012 likely to bring to the tech industry and its users? IDG -- the publisher of InfoWorld, Computerworld, Network World, CIO, CSO, ITworld, PC World, Macworld, and other tech publications throughout the globe -- surveyed its editors to gaze into their crystal balls and predict a key trend or development for 2012, as well as select their key story for 2011. The death of Apple CEO Steve Jobs and the rise of social media as a tool of protest topped a diverse roundup of nominees.

Here are the editors' individual predictions for 2012 and their pick for 2011's top story, in no particular order.
http://www.infoworld.com/t/technology-business/201...

--
mogs CClip 131
Expert Contributor 31st Dec, 2011 12:19
Last edited on 31st Dec, 2011 12:20
Chrome Release Channels

Chrome supports a number of different release channels. We use these channels to slowly roll out updates to users, starting with our close to daily Canary channel builds, all the way up to our Stable channel releases that happen every 6 weeks roughly.
Channels

Windows

Stable channel for Windows
Beta channel for Windows
Dev channel for Windows
Canary build for Windows (Note, this will run in parallel to any other Chrome channel you have installed, it will not use the same profile)

Read more at :-
http://www.chromium.org/getting-involved/dev-chann...

--
mogs CClip 132
Expert Contributor 31st Dec, 2011 13:55
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 1st Jan, 2012 08:14
How to find Windows fixes
Unless you're a technophile, it can be daunting when Windows goes wrong. Microsoft has this problem covered with automated fix
Even a minor Windows problem can be frustrating. Of course, it’s easy to turn to the web in a search for answers but with so many people and websites out there offering advice – sometimes useful or well-meaning, but quite often dubious or just plain wrong – it can be hard to decide who or what to believe. Indeed, if you’re not careful, attempting unverified fixes can end up doing more harm than good.
Microsoft is one source that is trustworthy, obviously, and some time ago it launched the Fix It Center to its official support website. This has many automated solutions for fixing common Windows problems and, once you’ve found the right place, some repairs can be executed with a single mouse click.
In this practical feature we will show you how to master Microsoft’s Fix It Center, and also how to find and use other automatic troubleshooting tools hidden in Windows.


Read more: http://www.computeractive.co.uk/ca/pc-help/2125740...


This thread is now closed..........please see the January 2012 thread at :-
http://secunia.com/community/forum/thread/show/119...

--