Forum Thread: Daily CYBERCLIPS January

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS January
Member 1st Jan, 2012 08:10
Ranking:
Posts: 6,279
User Since: 22nd Apr, 2009
System Score: N/A
Location: UK
Sixteenth Edition.

Happy New Year to all Cyberclippers; goblins, elves, and well wishing penpushers !! The CURSE of the FROZEN DIALOGUE to all the Badfingers !!! ( Naturally, excluding those who may not have gotten the panhandle from their father !!)

Thank you for the support thro' 2011. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security is the mainstay of the thread with some related and varied topics.
Scroll down for the latest posts !!
Note; that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals..
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Member 1st Jan, 2012 08:38
Microsoft patches dangerous web flaw in double time
Denial of service hole closed
By John E Dunn | Techworld | 31 December 11

Microsoft has issued an out-of-band fix for a vulnerability in its ASP.NET web platform that could allow an attacker to launch a successful DoS attack on a server using nothing more sophisticated than a stream of 100kb files.

Although not yet being exploited in the wild, Microsoft decided the potential for trouble was sufficient to act in what will be its only standalone fix for the whole of 2011.

An attacker exploiting Security Advisory 2659883, rated critical, could exploit a weakness in the way ASP.NET and a number of other web applications including Java and PHP 5 generate hash tables from an HTTP POST request, eating a server CPU's entire resources for a period of time with a single file.

Normally, a denial of service attack with that level of success would require a botnet of thousands or hundreds of thousands of computers to make much headway on all but the most modestly-defended servers.

"An attacker could potentially repeatedly issue such requests, causing performance to degrade significantly enough to cause a denial of service condition for even multi-core servers or clusters of servers," Microsoft said this week in its advisory.

The flaw was only put into the public domain earlier this week at the Chaos Communication Congress in Berlin by researchers Alexander Klink and Julian Walde, about a month after they informed Microsoft itself, which has garnered Microsoft some praise from researchers for a rapid response.

More at :-
http://www.pcadvisor.co.uk/news/security/3327296/m...

--
mogs CClip 2
Member 2nd Jan, 2012 09:43

Chrome nears 20% share, IE resumes slide
Microsoft's browser ends 2011 at record low, set to slip below 50% by March

By Gregg Keizer
January 1, 2012
Computerworld - After a one-month pause, Microsoft's Internet Explorer (IE) resumed its usage share slide in December, dropping to a new low and setting the stage for a fall below 50% as early as March.

IE lost eight-tenths of a percentage point last month to end with a share of 51.9%, according to California-based metrics company Net Applications. IE dropped more than seven points during 2011.

In November, said Net Applications, IE held steady, the only month in the year when it did not lose share.

Google's Chrome benefited most from IE's decline, growing its share by nine-tenths of a percentage point to a record high of 19.1%. Chrome should crack the 20% mark either this month or in February.

As was its practice during much of 2011, Microsoft did not address the continued slide of IE, but instead pointed to IE9's performance on Windows 7, a combination the company has repeatedly said is the only metric that matters.

"Based on where the December data currently stands," said Roger Capriotti, the head of IE marketing, in a Dec. 30 blog, "we're pleased to say IE9 ... will soon take the top spot from IE8 on Windows 7, with usage share expected to come in at nearly 25.6% this month."

More at :-
http://www.computerworld.com/s/article/9223087/Chr...

--
mogs CClip 3
Member 2nd Jan, 2012 13:05
More Stratfor Data Released by Hackers
Written by
Ravi Mandalia

02 January, 2012

On Thursday, hackers released another batch of subscribers' data that was stolen during the Stratfor breach. Stratfor Global Intelligence is a very popularly used research and analysis company, the website of which fell prey to a cyber attack a week ago.

The data which has been released has e-mail addresses along with credit card numbers, reported c|net. The hacker group, reportedly a part of the Anonymous movement, actually disclosed the data with a description on Pastebin. The website has links to the other website which has hosted the information.


The post in the Pastebin read, "It's time to dump the full 75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor." The post further says that the case does not end here; they are also providing 860,000 email addresses, usernames, and md5 hashed passwords. Incidentally, 50,000 mail addresses end with .mil or .gov domain names.

On Monday, George Friedman, Stratfor's CEO, mentioned on the Facebook page of the company that the intrusion which took place gave out names of few corporate subscribers and their credit card and personal data.



Read more: http://www.itproportal.com/2012/01/02/more-stratfo...

--
mogs CClip 4
Member 3rd Jan, 2012 11:19
Users desert Windows XP in near-record numbers
Exodus accelerates over last four months as users move to Windows 7

By Gregg Keizer

Computerworld - Microsoft's Windows XP shed a large amount of usage share again last month as users continued to desert the decade-old operating system for Windows 7.

Windows XP lost 2.4 percentage points of share to post a December average of 46.5%, a new low for the aged OS in the tracking of Web metrics firm Net Applications. The month's fall nearly matched the record 2.5-point drop of October.

In the four months from September to December, XP jettisoned more than 11% of its share as of Sept. 1, falling by nearly six percentage points during the period.

The four months prior to that -- May through August -- XP lost only 3.4 points, or about 8.5% of the share it owned as of May 1.

Windows 7 has been the beneficiary of XP's decline, gaining 2.4 percentage points last month to reach 37%. In the same four months that XP lost 5.9 points, Windows 7 grew by 6.4 points, taking up the slack from not only Microsoft's oldest supported OS, but also the hapless Windows Vista.

More at :-
http://www.computerworld.com/s/article/9223094/Use...

--
mogs CClip 5
Member 3rd Jan, 2012 11:22
Hackers Plan Satellite System to Sidestep Censorship

The 'Hackerspace Global Grid' will include satellites in orbit, along with ground stations to track and communicate with them.
A group of hackers has announced plans to launch a satellite network in an effort to fight Internet censorship.

"According to BBC News, the plan was recently outlined at the Chaos Communication Congress in Berlin," writes Threatpost's Brian Prince. "Dubbed the 'Hackerspace Global Grid,' the project calls not only for the launching of satellites in orbit but also the development of a grid of ground stations to track and communicate with the satellites."

"Hacker activist Nick Farr reportedly first put out calls for people to contribute to the project in August in response to the threat of Internet censorship," Prince writes. "He cited the proposed Stop Online Piracy Act (SOPA) in the United States as a prime example."

Go to "Hackers Plan Satellite Network to Fight Internet Censorship" to read the details.

http://www.esecurityplanet.com/hackers/hackers-pla...

--
mogs CClip 6
Member 3rd Jan, 2012 12:27


--
mogs CClip 7
Member 3rd Jan, 2012 12:34
2011 was the year of the cyber criminal
Cyber crooks raided networks, pillaged data, and wreaked havoc in 2011, thanks to our persistently shoddy IT security practices

By Roger A. Grimes | InfoWorld


In the world of IT security, 2011 was a great year -- for cyber criminals. One exception would be a certain Russian cyber crime ring pushing spam for meds. But outside of that global aberration, it's been a good year for the villainy of the Internet, in part thanks to end-users and organizations who have once again failed to take basic steps to protect themselves from attacks.

Few companies, if any, were patching in 2011, not even enough so to prevent the most common malware attacks. I've yet to visit a single company that has adequately patched Adobe Reader, Adobe Flash, or Java, all of which show up on top 10 lists of the most exploited client-side software, month after month. Whenever people tell me they have high confidence in their great patching, I always check for those three products, and the customer is always -- I repeat, always -- unpatched. I've yet to find a client that had all their Internet-facing routers patched. Never. It's been 20 years.

Luckily for most cyber criminals, end-users still readily use the same password among most of their websites. Attackers were eagerly compromising the weakest websites to swipe credentials for breaking into the more secure, more popular websites. That phenomenon has driven some site operators to reset all user passwords. We're all sharing the same pool apparently.

More at :-
http://www.infoworld.com/d/security/2011-was-the-y...

--
mogs CClip 8
Member 3rd Jan, 2012 13:52


--
mogs CClip 9
Member 7th Jan, 2012 00:20
Microsoft plans big January Patch Tuesday
Mystery of the month, say experts, is what Microsoft means by 'security feature bypass' update

By Gregg Keizer
January 5, 2012 04:13 PM ET
Computerworld - Microsoft today said it would deliver seven security updates next week -- tying the record for January -- to patch eight vulnerabilities in Windows and its developer tools.

But the company declined to confirm that the Jan. 10 slate will include a patch pulled at the last minute a month ago.

One of the seven updates was tagged "critical," the highest threat ranking in Microsoft's four-step system, while the others were marked "important," the second-highest rating, even though some of them could conceivably be exploited by attackers to plant malware on users' PCs.

Altogether, three of the updates were labeled as "remote code execution," meaning they could be used to hijack an unpatched system, Microsoft said in its monthly advance notification.

A twist to this month's Patch Tuesday is Microsoft's classification of one of the updates as "security feature bypass," a label it's never before applied.

"[Security feature bypass]-class issues in themselves can't be leveraged by an attacker," said Angela Gunn, a spokeswoman for the Microsoft Security Response Center, in a post to that group's blog today. "Rather, a would-be attacker would use them to facilitate use of another exploit."

Read more at :-
http://www.computerworld.com/s/article/9223180/Mic...

--
mogs CClip 10
Member 7th Jan, 2012 00:35


--
mogs CClip 11
Member 7th Jan, 2012 00:41
Last edited on 7th Jan, 2012 00:42


--
mogs CClip 12
Member 7th Jan, 2012 01:03
Windows 8 will have recovery options

Refresh or reset a PC
By Dave Neal
Thu Jan 05 2012, 12:43
SOFTWARE HOUSE Microsoft has detailed the options that will be available to recover a crashed PC running Windows 8.
Users will be offered two alternatives when presented with a Windows crash, with options to either refresh or reset their lost machine.
The changes are detailed in a blog post from the firm where the refresh option was described as a way of retaining some work while restoring core OS functions. The other is a full face wipe.
"We've built two new features in Windows 8 that can help you get your PCs back to a 'good state' when they're not working their best, or back to the 'factory state' when you're about to give them to someone else or decommission them," explains Microsoft's Steven Sinofsky in the introductory blog post

More at :-
http://www.theinquirer.net/inquirer/news/2135498/w...

--
mogs CClip 13
Member 7th Jan, 2012 01:09

Windows 8 will make better use of storage

Pooled storage shores up resources
By Dave Neal
Fri Jan 06 2012, 13:55
SOFTWARE CHURN FACTORY Microsoft has revealed how it plans to improve storage performance in Windows 8.
The feature called Storage Spaces is described by the firm in a blog post, and will use physical storage in a much more virtual way by creating pools using USB, SATA, or Serial Attached SCSI (SAS) disks that can be expanded with the addition of more hardware. Although it is not designed to replace Windows Home Server Drive Extender technology wholesale, it does perform some of its main tasks and will fill a gap for users.
Virtual disks known here as spaces will have thin provisioning features that could turn 4TB of space into 10TB, as well as resiliency to failures of physical media, the firm explained. Microsoft's Steven Sinofsky, who told us yesterday about the reset and refresh options in Windows 8, introduces the features.
"With thin provisioning, you can augment physical capacity within the pool on an as-needed basis. As you copy more files and approach the limit of available physical capacity within the pool, Storage Spaces will pop up a notification telling you that you need to add more capacity," Microsoft writes.
"You can do so very simply by purchasing additional disks and adding them to your existing pool. Once we have added this physical capacity, we don't need to do anything more to consume it. We can simply keep copying files or other data to the space within the pool and this space will automatically grow to utilize all available capacity within the containing pool, subject to its maximum logical size of 10TB."

More at :-
http://www.theinquirer.net/inquirer/news/2135772/w...

--
mogs CClip 14
Member 7th Jan, 2012 12:56
Symantec confirms source code leak in two enterprise security products
Hacking group discloses source code segments used in Symantec's Endpoint Protection 11.0 and Antivirus 10.2

By Jaikumar Vijayan
January 6, 2012
Computerworld - Symantec late Thursday confirmed that source code used in two of its older enterprise security products was publicly exposed by hackers this week.

In a statement, the company said that the compromised code is between four and five years old and does not affect Symantec's consumer-oriented Norton products as had been previously speculated.

Read more at :-
http://www.computerworld.com/s/article/9223198/Sym...

--
mogs CClip 15
Member 9th Jan, 2012 22:43


--
mogs CClip 16
Member 10th Jan, 2012 14:17
Last edited on 10th Jan, 2012 14:21
Google patches Chrome, beefs up malicious file blocking tech
Starts 2012 by paying out $2,000 in bug bounties

By Gregg Keizer

Computerworld - Google last week patched Chrome 16 and improved the download warnings in the impending Chrome 17.

Last Thursday, Google updated Chrome 16 with a security update that quashed three bugs, all rated "high," the company's second-most-dire threat rating.

Two of the bugs warranted bounties of $1,000 each, including one to a developer who works for rival Mozilla, maker of Firefox. Google, like Mozilla, pays outside investigators for bugs they report: Last year, Google wrote checks totaling $180,000 to bug hunters.

Also last week, Google released the first beta of the next edition in its line, Chrome 17.

According to Google engineer Dominic Hamon, Chrome 17 expands on the anti-malware download warnings that were first added to Chrome's code in April 2011 and appeared in the stable channel of the browser in June 2011's Chrome 12.

"Chrome now includes expanded functionality to analyze executable files -- such as '.exe' and '.msi' files -- that you download," said Hamon in a blog post. "If a file you download is known to be bad, or is hosted on a website that hosts a relatively high percentage of malicious downloads, Chrome will warn you that the file appears to be malicious and that you should discard it."

Read more at :-
http://www.computerworld.com/s/article/9223260/Goo...

--
mogs CClip 17
Member 10th Jan, 2012 14:24
Oracle's latest Java moves frustrate users and vendors
The company is under fire for modularization, licensing, and security issues

By Paul Krill
January 10, 2012 06:24 AM ET
InfoWorld - Oracle, which officially took on the big job of shepherding Java two years ago this month, is traveling bumpy roads lately, with its modularization and licensing plans for Java raising eyebrows and security concerns coming to the fore as well.

Plans for version 8 of Java Platform Standard Edition, which is due next year, call for inclusion of Project Jigsaw to add modular capabilities to Java. But some organizations are concerned with how Oracle's plans might conflict with the OSGi module system already geared to Java. In the licensing arena, Canonical, the maker of Ubuntu Linux, says Oracle is no longer letting Linux distributors redistribute Oracle's own commercial Java, causing difficulties for the company. Meanwhile, security vendor F-Secure views Java as a security hindrance. (Oracle declined to discuss these issues with InfoWorld.)

Read more at :-
http://www.computerworld.com/s/article/9223300/Ora...

--
mogs CClip 18
Member 10th Jan, 2012 14:29
The Future of Firefox Security

New efforts in 2012 could make the open source browser even more secure.

By Sean Michael Kerner

The year 2012 will likely be a milestone for Mozilla's Firefox web browser, as the open source group aims to further accelerate web innovation. Among the ways that Mozilla plans on improving Firefox in 2012 is by way of a number of efforts that could make the browser more secure for a greater number of users.

Mozilla makes incremental security updates with each release -- such as the recent Firefox 9 update, which patched several security vulnerabilities. The open source browser vendor also works on making the overall platform more secure, which will be the core focus in 2012.

"Longer term, a lot of the work that we do around core technologies factors in security primitives," Johnathan Nightingale, Director of Firefox Engineering at Mozilla told InternetNews.com. (The term "security primitives" refers to the building blocks used to provide security services in the software application.)

As an example, Nightingale noted that Mozilla configured support for WebGL as a way to address security concerns with cross-domain texture loading. He explained that with WebGL the idea was to utilize a protocol-based solution that can shut down an entire class of vulnerabilities.

More recently, Mozilla has been working on JIT hardening to mitigate against JIT spraying attacks. The JIT (Just-In-Time) compiler in JavaScript is a common attack vector in modern browser attacks.

"The reality is that the way our JIT engine is built makes it somewhat resilient to JIT Spraying attacks," Nightingale said. "But there is still work we can do on that class of vulnerability to just get it out of the realm of even the theoretical -- and that work is ongoing."

Another approach to browser security, which has already been adopted by Google Chrome, is known as "process sandboxing." With process sandboxing, the idea is to isolate processes in order to reduce the potential risk and attack surface for a given browser process or operation.

"Sandboxing has some real benefits, but it's not a silver bullet," Nightingale said. "It is something that our platform team is looking at really closely."

And much more at :-
http://www.esecurityplanet.com/browser-security/th...

--
mogs CClip 19
Member 10th Jan, 2012 14:40


--
mogs CClip 20
Member 10th Jan, 2012 14:50

Schnakule discovery highlights growing sophistication in cyber crime
by Shaun Nichols


The discovery of a highly sophisticated malware network is leading some security firms to reshape their view of cyber crime operations.
Known as Shnakule, the operation employs a massive network of servers to attack sites as well as compromised pages to exploit vulnerabilities and infect users' computers.

Shnakule spans a number of attack vectors and is believed to have been used for multiple attacks, with active servers ranging from hundreds to thousands of systems at a time.
Steve Schoenfeld, vice president of product management and product marketing at Blue Coat, told V3 that his firm has been tracking the Shnakule operation for a number of months through its WebPlus security networks.
He said the company's findings defy conventional knowledge of how malware and cyber crime operations work.
Attacks that had previously appeared to be isolated events, are now believed to be the work of various systems operating within the cyber crime network. Blue Coat estimates that such networks will be responsible for as much as two-thirds of all attacks in 2012.

Read more at :-
http://www.v3.co.uk/v3-uk/news/2135898/schnakule-d...

--
mogs CClip 21
Member 12th Jan, 2012 18:59


--
mogs CClip 22
Member 12th Jan, 2012 19:04


--
mogs CClip 23
Member 12th Jan, 2012 19:08


--
mogs CClip 24
Member 12th Jan, 2012 19:13


--
mogs CClip 25
Member 12th Jan, 2012 19:21

Public attack code aimed at Windows Web servers works, says Symantec
Researchers not surprised at the quick appearance of denial-of-service exploit

By Gregg Keizer

Researchers at Symantec yesterday confirmed that working attack code published Jan. 6 can cripple Web servers running Microsoft's ASP .Net.

The proof-of-concept exploit was published last Friday on GitHub, a site that hosts software projects, and has been used in the past by hackers to distribute their work.

Other security experts were not surprised that attack code appeared within days of Microsoft rushing out a patch for a denial-of-service vulnerability in its software.

"No, not surprising at all," Andrew Storms, director of security operations at nCircle Security, said in an interview Tuesday. "There was enough interest [in the researchers' original presentation] that we should have expected exploit code soon."

The presentation Storms referred to was made by German researchers Alexander Klink and Julian Walde on Dec. 28 at the CCC (Chaos Communication Congress) conference in Berlin, where they demonstrated a flaw in the Web's most popular application and site programming languages, including Microsoft's ASP .Net, the open-source PHP and Ruby, Oracle's Java, and Google's V8 JavaScript.

According to Klink and Walde, attackers could cripple Web servers by conducting denial-of-service attacks using a single off-the-shelf PC and a low-bandwidth connection to the Internet.

In a security advisory issued the same day, Microsoft promised to patch the vulnerability in ASP .Net, then followed that on Dec. 29 with its first "out-of-band" update of 2011.

On Jan. 6, someone identified as "HybrisDisaster" published the attack code on GitHub.

The interval between the Klink-Walde presentation and the appearance of attack code was just nine days, and eight days after Microsoft released its emergency patch.

Read more at :-
http://www.infoworld.com/d/security/public-attack-...

--
mogs CClip 26
Member 12th Jan, 2012 20:37


--
mogs CClip 27
Member 13th Jan, 2012 21:12
Oracle to issue 78 patches, including 27 for MySQL
Other fixes are set for Oracle's database, middleware and applications

By Chris Kanaracus
January 13, 2012 11:46 AM
IDG News Service - Oracle is set on Tuesday to release 78 security fixes for vulnerabilities in its database, middleware and applications, according to a preview announcement posted to the company's website this week.

A full 27 of those are targeted for the MySQL database. One of the vulnerabilities can be exploited over a network without log-in credentials. The highest CVSS (Common Vulnerability Scoring System) Base Score among the MySQL bugs is 5.5, which falls into the system's "medium" risk range.

Two other fixes are for Oracle's database, and Oracle is also planning to ship 11 patches for Fusion Middleware. Five of the bugs in the latter can be remotely exploited with no user authentication required.

On the application front, the company's E-Business Suite is getting three patches, its supply chain application suite will receive one, PeopleSoft will get six, and JD Edwards will have eight.

Some 17 patches will be released for Sun products, including six that can be remotely exploited with no credentials. Affected products include GlassFish Enterprise Server and the Solaris OS.

Another three patches are for Oracle's virtualization technology, including VirtualBox

http://www.computerworld.com/s/article/9223428/Ora...

--
mogs CClip 28
Member 13th Jan, 2012 21:19
Reddit to go dark in SOPA protest
Wikipedia may join Reddit in 12-hour Jan. 18 blackout action to protest the controversial anti-piracy bill

By Jaikumar Vijayan | Computerworld

Social news site Reddit will black out its site for 12 hours on Jan. 18 to protest the controversial Stop Online Piracy Act (SOPA) bill that is currently working its way through the U.S. House of Representatives.

Wikipedia co-founder Jimmy Wales said that his firm may also conduct a protest blackout, though it remains unclear whether the site will join Reddit.

In a blog post earlier this week, Reddit team members said they have decided to black out the site next Wednesday from 8 a.m. to 8 p.m. EST in a bid to draw attention to SOPA.

"Instead of the normal glorious, user-curated chaos of reddit, we will be displaying a simple message about how the PIPA/SOPA legislation would shut down sites like reddit," the blog noted. PIPA is an acronym for the Protect IP Act, a U.S. Senate version of SOPA.

More at :-
http://www.infoworld.com/d/the-industry-standard/r...

--
mogs CClip 29
Member 13th Jan, 2012 21:22

Microsoft Bing finally overtakes Yahoo in web search

Google remains far in the lead
By Lawrence Latif

SEARCH ENGINE ALSO-RAN Microsoft has finally managed to surpass Yahoo's US search engine market share.
According to figures released by Comscore, Microsoft's Bing search engine has overtaken Yahoo with 15.1 per cent of the US web search market. The manoeuvre came as Yahoo experienced a 0.6 per cent drop in market share between November 2011 and December 2011.
Microsoft has put considerable research and marketing behind Bing to compete with internet search leader Google, yet has been unable to make a significant dent in Google's market share. Microsoft also signed a deal with Yahoo that saw Bing powering the web portal's search results.
Despite Microsoft's efforts to push Bing, Google still remains the pre-eminent internet search provider by quite some distance.

More at :-
http://www.theinquirer.net/inquirer/news/2137282/m...

--
mogs CClip 30
Member 13th Jan, 2012 21:32


--
mogs CClip 31
Member 13th Jan, 2012 21:36


--
mogs CClip 32
Member 14th Jan, 2012 15:06
Windows 8 on ARM: You can look but you can't touch
Windows 8 was shown on a few ARM-based devices at CES, but Microsoft doesn't want people playing with it before it's ready

By James Niccolai

IDG News Service - For a touch-based interface it was awfully hard to get hold of. Microsoft's Windows 8 OS was shown on a handful of prototype ARM-based tablets at the Consumer Electronics Show this week, but almost no one was allowed to try it out.

Nvidia had three Windows 8 tablets in its booth but they were all behind glass. Texas Instruments showed a Windows 8 tablet in a meeting room off the show floor, but a reporter who asked to try it was told that wasn't permitted. Qualcomm, the third vendor of ARM-based chips working with Windows 8, wasn't showing it at all.

Representatives from all three companies said Microsoft has placed tight limits on how they can show Windows on ARM. It's apparently taking no chances that people might have a bad experience with the software before it's ready for release, which could harm its reputation.

"I think they're being a little measured because they want to make sure that when people finally see these things that it's a good experience. They have to get it right," Mike Rayfield, general manager of Nvidia's mobile business unit, said in an interview.

More at :-
http://www.computerworld.com/s/article/9223446/Win...

--
Was this reply relevant?
+0
-0
mogs CClip 33
Member 14th Jan, 2012 15:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 34
Member 14th Jan, 2012 21:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The benefits of cloud computing.
Everywhere you look people are talking about cloud computing, but what is it and why do you need it? We explain exactly how it works and how to start using it


Read more: http://www.computeractive.co.uk/ca/pc-help/2129568...


--
Was this reply relevant?
+0
-0
mogs CClip 35
Member 15th Jan, 2012 18:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The body that polices Internet registrations will on Thursday launch a domain name "revolution" in the face of the concerns of global bodies ranging from the United Nations to the US Congress.

The Red Cross and International Olympic Committee have already secured exclusions from the new sector that would allow company, organization and city names to rival .com as Internet addresses.
The head of the Zulus in southern Africa and a wealthy Middle East family have already expressed an interest in being part of what Rod Beckstrom, president of the Internet Corporation for Assigned Names and Numbers (ICANN), has called a "new domain name system revolution".
The new generic top level domains (GTLDs) would allow Internet names such as .Apple or .IMF or .Paris instead of .com or .org.
ICANN says the huge expansion of the Internet, with two billion users around the world, half of them in Asia, requires the new names.
But the International Monetary Fund was among more than 25 global bodies which sent a letter to ICANN last month expressing concern about the possible "misleading registration and use" of their names.
The US Association of National Advertisers and non-profit groups such as the Young Men's Christian Association, YMCA, criticized the plan at a US Congress hearing last month.
They fear it could cause confusion about their Internet presence and force them to spend huge amounts on "defensive registration" to stop cybersquatters, who buy up names and try to sell them at an inflated price, and fraudsters.
Registration will cost $185,000 with a $25,000 annual fee after that.

Read more at :-
http://www.physorg.com/news/2012-01-internet-revol...

--
Was this reply relevant?
+0
-0
mogs CClip 36
Member 15th Jan, 2012 22:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 37
Member 16th Jan, 2012 17:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Non-U.S. customers kept in dark as Zappos cleans up after data breach
Online clothing shop Zappos.com reset the passwords of over 24 million customers after security breach

By Lucian Constantin
January 16, 2012 07:13 AM ET
IDG News Service - Online shoe and apparel shop Zappos.com is advising over 24 million customers to change their passwords following a data breach, but its website is currently inaccessible to people outside the U.S.

Zappos employees received an email from CEO Tony Hsieh on Sunday, alerting them about a security breach that involved the online shop's customer database.

"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation," Hsieh said in the email.

More at :-
http://www.computerworld.com/s/article/9223457/Non...

--
Was this reply relevant?
+0
-0
mogs CClip 38
Member 16th Jan, 2012 17:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 39
Member 16th Jan, 2012 17:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

PC security: We've come a long way, baby
But have we come far enough in the 10 years since Bill Gates wrote his Trustworthy Computing Memo?

By Robert X. Cringely | InfoWorld

Ten years ago, on Jan. 15, 2002, Microsoft's then-chair Bill Gates penned the famous Trustworthy Computing Memo.

That was the day Microsoft finally woke up, smelled the hackers, and began getting serious about security. Gates wrote:

In the past, we've made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We've done a terrific job at that, but all those great features won't matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve. ...If we discover a risk that a feature could compromise someone's privacy, that problem gets solved first.

Of course it's one thing to write a memo, another thing to make it real. The notoriously insecure Internet Explorer didn't stop being a hacker's plaything until the release of IE8 in 2009. During that time frame, Microsoft went from owning 90-plus percent of the browser market to less than 50 percent today. A lot of that had to do with IE's notorious vulnerabilities and poor performance.

More at :-
http://www.infoworld.com/t/cringely/pc-security-we...

--
Was this reply relevant?
+0
-0
mogs CClip 40
Member 16th Jan, 2012 17:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
16 January, 2012

An India based hacking outfit has reportedly managed to lay its hands on the source code of Symantec's Norton security software, and is threatening now to publish it online.

Apparently the hacker collective, dubbed "The Lords of Dharmaraja", not only stole the source code of Norton, but also managed to get away with other confidential documentation belonging to Symantec - the maker of Norton.

The outfit has already published some of the stolen information on the Web - a considerable proportion of which seems to be several years old, though.


Also, it is not known yet whether or not the group actually managed to breach Symantec's network and steal the Norton source code. The company says it is investigating the claims made by "The Lords of Dharmaraja".



Read more: http://www.itproportal.com/2012/01/16/hackers-expo...

--
Was this reply relevant?
+0
-0
mogs CClip 41
Member 16th Jan, 2012 17:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 42
Member 17th Jan, 2012 12:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
GAME: Our website wasn't hacked!

Leaked account login details are bogus, says chain
By John Leyden

Posted in Enterprise Security, 17th January 2012 10:18 GMT
Video games purveyor GAME says it has not been hacked after reports yesterday claimed that the retail biz had suffered a security breach.

A list of what purported to be 200 email addresses and unprotected clear text passwords from GAME was posted on Pastebin, sparking widely reported hacking fears on Monday.


However, after checking the leaked data, GAME said the information was bogus and issued a statement saying that it had no evidence of any breach to its database security.

More at :-
http://www.theregister.co.uk/2012/01/17/game_hack_...

--
Was this reply relevant?
+0
-0
mogs CClip 43
Member 17th Jan, 2012 12:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 44
Member 17th Jan, 2012 19:58
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla slows pace of Firefox 9 upgrades
Bugs prompt the browser maker to 'throttle' update offers

By Gregg Keizer
January 17, 2012 12:09 PM ET
Computerworld - Mozilla dramatically slowed the update pace of Firefox 9, the browser it shipped late last month.

The company also said it may repeat the slow-down in the future.

Firefox 9, which Mozilla released Dec. 20, has yet to be completely "unthrottled," or offered as an update to all users, according to notes from a company meeting last week.

Like other software vendors, including Microsoft and Apple, Mozilla can offer upgrades to a fraction of its users rather than to everyone at once. The practice is designed to ensure that download servers aren't overwhelmed, and to prevent bugs -- if there are any in the update -- from reaching all users.

Read more at :-
http://www.computerworld.com/s/article/9223483/Moz...

--
Was this reply relevant?
+1
-1
mogs CClip 45
Member 17th Jan, 2012 20:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft reveals details on ReFS for Windows 8 Server

Coming to all Windows versions eventually
By Lawrence Latif
Tue Jan 17 2012,
SOFTWARE REDEVELOPER Microsoft has revealed details about its upcoming Resilient File System (ReFS), which will make its debut with Windows 8 Server.
Microsoft's ReFS will eventually become the file system for all its Windows variants, replacing NTFS, but will make its first appearance on Windows 8 Server. Surendra Verma, a development manager on Microsoft's storage and file system team, said ReFS will maintain "a high degree of compatibility with a subset of NTFS features that are widely adopted while deprecating others".
Verma went on to claim that ReFS will be optimised for scaling and maintaining data integrity but said that parts of the NTFS codebase will be reused. Verma said, "Underneath this reused portion, the NTFS version of the code-base uses a newly architected engine that implements on-disk structures such as the Master File Table to represent files and directories. ReFS combines this reused code with a brand-new engine, where a significant portion of the innovation behind ReFS lies."

More at :-
http://www.theinquirer.net/inquirer/news/2139379/m...

--
Was this reply relevant?
+0
-0
mogs CClip 46
Member 17th Jan, 2012 20:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 47
Member 17th Jan, 2012 20:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
World IPv6 launch day set to aid net address switchover

Leading internet firms have set 6 June as the World IPv6 launch day.

IPv6 is the new net address system that replaces the current protocol IPv4, which is about to run out of spaces to allocate.

Web companies participating in the event have pledged to enable IPv6 on their main websites from that date.

The Internet Society, which made the announcement, said the day represented "a major milestone" in the deployment of the standard.

Facebook, Google, Microsoft Bing and Yahoo are the inaugural web firms involved.

More at :-
http://www.bbc.co.uk/news/technology-16601636

--
Was this reply relevant?
+0
-0
mogs CClip 48
Member 18th Jan, 2012 09:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 49
Member 18th Jan, 2012 10:01
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Protests against SOPA, PIPA go viral
Google, Wikipedia, Reddit, BoingBoing plan unprecedented Internet 'strike' Wednesday

By Jaikumar Vijayan

Computerworld - In a remarkable example of a grassroots campaign gone viral, several websites including Google, Reddit, Wikipedia, BoingBoing, Imgur and Tucows, are planning an unprecedented Internet "strike" Wednesday to protest controversial anti-piracy legislation being considered by Congress.

Many of the sites plan to go completely dark on Jan 18 to show opposition to the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). Google will not go dark, but plans to note its opposition by sticking a protest link on its home page.

"Like many businesses, entrepreneurs and web users, we oppose these bills because there are smart, targeted ways to shut down foreign rogue websites without asking American companies to censor the Internet," Google said in a statement. "So tomorrow we will be joining many other tech companies to highlight this issue on our US home page."

According to Fight for the Future, one of the groups organizing the protests, nearly 12,000 websites have said they will join the blackout. That number is still growing.

More at
http://www.computerworld.com/s/article/9223496/Pro...

--
Was this reply relevant?
+0
-0
mogs CClip 50
Member 18th Jan, 2012 13:56
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 51
Member 18th Jan, 2012 21:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Secunia sets six-month deadline for vulnerability disclosures
Secunia gives vendors six months to fix reported vulnerabilities before going public

By Lucian Constantin

IDG News Service - Vulnerability research firm Secunia announced that, effective from the beginning of the year, software vendors will have a six-month deadline to fix vulnerabilities reported through its Vulnerability Coordination Reward Programme (SVCRP).

Secunia's previous deadline had been established in 2003 and was one year. The decision to reduce it came after studying the history of the company's vulnerability coordination efforts.

The new deadline is similar to what other security firms currently enforce. For example, Hewlett-Packard subsidiary TippingPoint, which runs the well known Zero Day Initiative (ZDI) program, has had a six-month deadline for fixing vulnerabilities reported to vendors since the beginning of last year.

More at :-
http://www.computerworld.com/s/article/9223513/Sec...

--
Was this reply relevant?
+0
-0
mogs CClip 52
Member 18th Jan, 2012 21:15
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 53
Member 18th Jan, 2012 21:21
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 54
Member 18th Jan, 2012 21:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 55
Member 18th Jan, 2012 21:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Sopa: Sites go dark as part of anti-piracy law protests
By Leo Kelion

The Wikipedia encyclopedia and blogging service WordPress are among the highest profile pages to remove material.

Google is showing solidarity by placing a black box over its logo when US-based users visit its site.

The Motion Picture Association of America has branded the action as "irresponsible" and a "stunt".

Visitors to Wikipedia's English-language site are greeted by a dark page with white text that says: "Imagine a world without free knowledge... The US Congress is considering legislation that could fatally damage the free and open internet. For 24 hours, to raise awareness, we are blacking out Wikipedia."

It provides a link to more details about the House of Representatives' Stop Online Piracy Act (Sopa) and the Senate's Protect Intellectual Property Act (Pipa).

More at :-
http://www.bbc.co.uk/news/technology-16612628

--
Was this reply relevant?
+0
-0
mogs CClip 56
Member 19th Jan, 2012 08:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 57
Member 19th Jan, 2012 20:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Beta Channel Release
Wednesday, January 18, 2012 | 16:30
Labels: Beta updates
The Beta channel has been updated to 17.0.963.38 for all platforms other than Chrome OS. This update fixes a number of stability and UI issues. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 58
Member 19th Jan, 2012 20:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 59
Member 20th Jan, 2012 10:17
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Imperva Warns of XSS Vulnerability in IE

Microsoft says the problem is not considered a vulnerability.

January 19,
Imperva researchers are warning of a problem with the way double quotes are encoded by Internet Explorer that can allow hackers to conduct cross-site scripting (XSS) attacks.

"Imperva argues that because most browsers automatically encode special characters in URLs, some Web developers might be inclined to process request URLs in the source code of their websites without making sure that they are properly sanitized," writes ITworld's Lucian Constantin. "A hacker who identifies such a website can craft a link to it that contains a double quote followed by malicious JavaScript code."

"Imperva claims to have notified Microsoft about the issue, but was told by the software company that this behavior is not considered a vulnerability and will not be fixed in a security update," Constantin writes. "The behavior might, however, get changed in a future IE version, Microsoft allegedly said."

Go to "IE URI encoding behavior facilitates XSS attacks, researchers say" to read the details.

http://www.esecurityplanet.com/browser-security/im...

--
Was this reply relevant?
+0
-0
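The pattern Imperva describes in CClip 59, sketched as an added example that is not part of the original post or the quoted article: a page builder that reflects the request URL into an HTML attribute and relies on the browser having percent-encoded the double quote, next to a version that attribute-encodes on output. The function names, the `/search` path and the `data-injected` marker attribute are hypothetical, and both sample URLs are constructed.

```javascript
// Added illustration; every name and sample value below is hypothetical.

// Unsafe: copies the raw request target into an attribute value and trusts
// that the browser already turned any double quote into %22.
function renderFormUnsafe(rawRequestUrl) {
  return '<form method="post" action="' + rawRequestUrl + '">';
}

// HTML attribute encoding applied at output time, independent of what the
// client did or did not encode before sending the request.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

function renderFormSafe(rawRequestUrl) {
  return '<form method="post" action="' + escapeAttr(rawRequestUrl) + '">';
}

// Small parser for double-quoted attributes in one start tag, used only to
// show which attributes an HTML parser would end up seeing.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1]] = m[2];
  }
  return attrs;
}

// Returns the attribute names in the rendered tag that the template author
// never wrote, i.e. attributes created by the reflected input.
function injectedAttributes(tag) {
  const expected = ['method', 'action'];
  return Object.keys(parseAttributes(tag)).filter(
    (name) => !expected.includes(name)
  );
}

// Constructed request targets. The first is what arrives when the client
// percent-encodes the quote; the second carries the quote unencoded, which is
// the behaviour the article attributes to Internet Explorer.
const ENCODED_BY_CLIENT = '/search?q=%22%20data-injected=%221';
const RAW_DOUBLE_QUOTE = '/search?q=" data-injected="1';

function demo() {
  return {
    unsafeWithEncodingClient: injectedAttributes(renderFormUnsafe(ENCODED_BY_CLIENT)),
    unsafeWithRawQuote: injectedAttributes(renderFormUnsafe(RAW_DOUBLE_QUOTE)),
    safeWithRawQuote: injectedAttributes(renderFormSafe(RAW_DOUBLE_QUOTE)),
  };
}

console.log(demo());
```

The unsafe version looks correct when tested only with a client that encodes the quote, which is why the defect survives testing; encoding at output removes the dependency on client behaviour.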
mogs CCLIP 60
Member 20th Jan, 2012 16:31
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 61
Member 20th Jan, 2012 16:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 62
Member 20th Jan, 2012 20:31
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 63
Member 21st Jan, 2012 13:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 64
Member 21st Jan, 2012 13:50
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 65
Member 21st Jan, 2012 13:54
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 66
Member 22nd Jan, 2012 11:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Fake Megaupload sites pose a security risk
Some sites that could be phishing operations claim to be the relaunched Megaupload

By Nancy Gohring | IDG News Service


The people behind Megaupload might be working hard to get the site back up, but so are scammers.

Sites were popping up on Friday claiming to be the reincarnation of Megaupload, the popular website taken down by U.S. federal authorities on Thursday. But most of the imitators so far look like phishing sites, said Don Bowman, CTO for Sandvine, an Internet traffic equipment vendor.

One site has only an IP address for its locator, rather than a website name people can remember, but claims to be the location for the new Megaupload. "We are working to be back full again," the site says.

It's unlikely, however, that a site as popular as Megaupload would use only an IP address. For one thing, everyone visiting the site would be hitting the same server. Before it was shut down, Megaupload accounted for nearly 1 percent of traffic in North America, putting it in league with Facebook, Bowman said.

More at :-
http://www.infoworld.com/d/security/fake-megauploa...

--
Was this reply relevant?
+0
-0
mogs CClip 67
Member 22nd Jan, 2012 11:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 68
Member 22nd Jan, 2012 18:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
A beta version of Malwarebytes Anti-Malware has been released, aiming at fixing several issues, some of which are of significant importance.

The problems solved in Malwarebytes Anti-Malware 1.60.1 beta include a bug that caused freezes in certain third-party security alternatives, on Windows XP. Another issue fixed in this build prevented the ignore list from reloading after updating the database.

Ignore list related issues are not limited to the aforementioned one. The development team also took care of a bug that would crash mbamcore.dll when certain malformed ignore list data was involved.

In some cases, upon certain upgrade installations the desktop icon would no longer be created. This should no longer be the case in the current beta version of the application.

Some problems touch on certain language files: Dutch, Belarusian, and Korean. On the same note, the new build adds a Greek language file.

http://news.softpedia.com/news/Malwarebytes-Anti-M...

--
Was this reply relevant?
+0
-0
mogs CClip 69
Member 23rd Jan, 2012 08:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google kills more services
Picnik, Google Message Continuity, Needlebase and others are on the chopping block this time

By Nancy Gohring

IDG News Service - Google is continuing to weed out its services and on Friday announced it will shut down Picnik, Google Message Continuity and Needlebase and make changes to some other services.

Google acquired Seattle-based Picnik in 2010, saying it would integrate the photo editing service with its own Picasa. "We're retiring the service on April 19, 2012, so the Picnik team can continue creating photo-editing magic across Google products," Dave Girouard, vice president of product management for Google, wrote in a blog post Friday.

The company is also discontinuing Google Message Continuity, its service for backing up Microsoft Exchange emails. Since launch, "hundreds" of businesses have signed up for the service, but it's clear many more are interested in Google Apps, Girouard wrote. "Going forward, we've decided to focus our efforts on Google Apps and end support for GMC," he wrote.

Google will shut down Needlebase, a data management platform, on June 1, and the Social Graph API, which isn't being widely used, on April 20.

Google also will stop offering a client-hosted version of Urchin, an online analytics product on which the company built Google Analytics. It will instead focus on the online offering of Analytics.


http://www.computerworld.com/s/article/9223615/Goo...

--
Was this reply relevant?
+0
-0
mogs CClip 70
Member 23rd Jan, 2012 21:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Firms face tougher data-protection rules in Europe
By Steven Musil
Companies will be required to disclose security breaches within 24 hours of their occurrence under European Union proposals being made this week to strengthen data-protection rules.

New rules are needed to protect consumers and reduce bureaucracy, EU justice commissioner Viviane Reding said in a speech at a conference on Sunday in Munich.

"Companies that suffer a data leak must inform the data-protection authorities and the individuals concerned, and they must do so without undue delay," Bloomberg quoted Reding as saying at the DLD conference. "European data-protection rules will become a trademark people recognise and trust worldwide."


http://www.zdnet.co.uk/news/regulation/2012/01/23/...

--
Was this reply relevant?
+0
-0
mogs CClip 71
Member 23rd Jan, 2012 21:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
mogs CClip 72
Member 24th Jan, 2012 22:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Stable Channel Update
Monday, January 23, 2012 | 15:00
Labels: Stable updates

The Stable channel has been updated to 16.0.912.77 for Windows, Mac, Linux and Chrome Frame

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[$1000] [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis.
[$3133.7] [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva. *
[108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415).
[$1000] [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to miaubiz.
[$1000] [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder. Credit to Arthur Gerkis.
The bugs 106484, 107182, 108461, and 109556 were detected using AddressSanitizer.
* Bug 107182 was fixed in 16.0.912.75 but accidentally excluded from the release notes.

Full details about what changes have been made in this release are available in the SVN revisions log. Interested in switching to another channel? Find out how. If you find a new issue, please let us know by filing a bug.

Anthony Laforge
Google Chrome

--
Was this reply relevant?
+0
-0
mogs CClip 73
Member 24th Jan, 2012 22:49
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google patches several serious Chrome bugs
Critical vulnerability disclosed Monday was actually fixed earlier this month

By Gregg Keizer
January 24, 2012 02:33 PM ET
Computerworld - Google yesterday patched four vulnerabilities in Chrome, and disclosed that it had patched a fifth two weeks ago.

The refresh of Chrome 16 was the second security-related update for the browser this month.

One of the five bugs Google said had been quashed was actually a leftover from the Jan. 9 update. According to a blog post by Anthony Laforge, a Chrome program manager, that flaw was actually patched two weeks ago, but "[was] accidentally excluded from the release notes" at the time.

The vulnerability was the most serious of the five, rating a "critical" ranking, Google's top threat label.
According to the bug-tracking materials for Chromium, the open-source project that feeds code into Chrome, the critical bug caused the browser to crash when users saw Chrome's anti-malicious site warning and then refreshed the page.

More at :-
http://www.computerworld.com/s/article/9223672/Goo...

--
Was this reply relevant?
+0
-0
mogs CClip 74
Member 24th Jan, 2012 22:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Pwn2Own 2012 Gets Serious About Security Vulnerabilities

The HP-sponsored hacking challenge revises its rules in an effort to expose even more vulnerabilities.

By Sean Michael Kerner | January 23, 2012

Over the last several years, the Pwn2Own hacking challenge has become known as the place where browsers get hacked, sometimes within just a matter of minutes. This year, the event's organizers at HP TippingPoint's Zero Day Initiative (ZDI) are looking to project a more serious demeanor and downplay the sensational nature of the contest -- even as they change the rules in an effort to demonstrate a record number of exploited security vulnerabilities.

"In the past, due to the way the competition was architected, we had lots of sensationalist headlines, things like 'Mac hacked in three seconds'," said Aaron Portnoy, Manager of the Security Research Team at HP TippingPoint, in a conversation with InternetNews.com. "We don't think that type of sensationalism was representative of all the research that was going on."

In previous years, researchers would go on stage to demonstrate a vulnerability, sometimes in under a minute. At the 2011 event, Apple Safari and Microsoft's IE were hacked on the first day. At the event two years prior, Safari was hacked in under two minutes.

More at :-
http://www.esecurityplanet.com/browser-security/pw...

--
Was this reply relevant?
+0
-0
mogs CClip 75
Member 24th Jan, 2012 23:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft fingers alleged Kelihos botnet culprit
By Steven Musil, CNET News, 24 January, 2012 09:50

Four months after taking down the Kelihos botnet, Microsoft on Monday identified the man it believes was behind the massive infection designed to deliver spam and steal data.

In an amended complaint (PDF) filed with the US District Court for the Eastern District of Virginia, the software giant accused Andrey N Sabelnikov, a resident of St Petersburg, Russia, of writing the code for and participating in the creation of the Kelihos malware. The complaint further alleges that Sabelnikov used the malware to control and nurture the Kelihos botnet.

Kelihos comprised about 41,000 infected computers worldwide and was capable of sending 3.8 billion spam emails per day before Microsoft put a stop to it last September, according to the company.

http://www.zdnet.co.uk/news/security-threats/2012/...

--
Was this reply relevant?
+0
-0
mogs CClip 76
Member 25th Jan, 2012 11:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Bitdefender Warns of New Hybrid Malware

Written by
Jon Martindale
24 January, 2012

Antivirus security firm Bitdefender has expressed concerns over what it claims is a new hybrid malware that was created by viruses infecting worms on poorly protected machines.

Bitdefender has taken part in an analysis of 10 million infected files that saw it discovering some 40,000 "Frankenmalware" samples. With this representing around 0.4 per cent of checked malware, Bitdefender extrapolates it to mean that there are likely around 260,000 hybrid examples in the wild.

"If you get one of these hybrids on your system, you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus," said Bitdefender threats analyst Loredana Botezatu, who launched the study of the hybrid species. "The advent of malware sandwiches throws a new twist into the world of malware. They spread more efficiently, and will become increasingly difficult to predict."

Bitdefender further described the malware threat as a growing one, with the amount of wild viruses, spyware and adware increasing by some 17 per cent throughout 2012.



Read more: http://www.itproportal.com/2012/01/24/bitdefender-...

--
Was this reply relevant?
+0
-0
mogs CClip 77
Member 25th Jan, 2012 11:43
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google to combine users' data across its services
Rewritten privacy policies allow Google to use data in a variety of services if a Google Accounts user is signed in

By Stephen Lawson
January 24, 2012 09:06 PM ET
IDG News Service - Google will be able to combine data from several Google services when a Google Accounts user is signed in, as part of a rewritten set of privacy policies that the company announced on Tuesday.

Google said it added the new capability so it can provide better and more targeted services. For example, by combining information from Google Calendar and Google Maps, the company could deliver reminders of a scheduled meeting that take into account how far the user is from the meeting location and how the traffic is on the way, said Alma Whitten, Google's director of privacy product and engineering, in a blog post on Tuesday.

The changes will take effect on March 1, and Google said it was starting to inform users about them via email and a homepage notice. They are included in a major update of Google's privacy policies that, among other things, will consolidate the policies for a majority of Google products into one policy. Taking more than 70 privacy documents, Google has combined more than 60 of them into that main policy, Whitten wrote. Google also said it has cut down on the Google Terms of Service and made them easier to read.

More at :-
http://www.computerworld.com/s/article/9223691/Goo...

--
mogs CClip 78
Member 25th Jan, 2012 21:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
pcAnywhere let anyone anywhere inject code into PCs

Symantec plugs holes in desktop remote-control tool
By John Leyden

Posted in Security, 25th January 2012 16:29 GMT

Symantec is urging users to patch pcAnywhere, its remote control application, following the discovery of a brace of serious security flaws.

The most severe of the two holes allows hackers to remotely inject code into vulnerable systems - made possible because a service on TCP port 5631 permits a fixed-length buffer overflow during the authentication process. This line of attack ought to be blocked by a properly configured firewall, but it'd be stupid to rely on that without patching vulnerable systems.

The other flaw relies on overwriting files installed by pcAnywhere in order to escalate a user's privileges, although miscreants will already need access to a vulnerable system to leverage this.

Neither flaw has been weaponised into exploits by hackers, reckons Symantec. The security firm credits Edward Torkington (of NGS Secure) and independent security researcher Tad Seltzer with discovering the flaws.

More at :-
http://www.theregister.co.uk/2012/01/25/pcanywhere...

--
mogs CClip 79
Member 25th Jan, 2012 22:09
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
O2 caught sharing customers' mobile phone number with websites

Written by
Rob Kerr


Broadband news website thinkbroadband.com has published an article that details how O2 passes the phone number of its customers to every website viewed when a user on its network accesses the internet from a handset.

Thinkbroadband's post goes on to mention that O2 sends this information within the HTTP headers, which normally contain information about how content can be displayed on the device.

"These headers are not normally seen by users, and usually not logged by most websites, but the flaw allows malicious sites to get more personal information about you than you may be willing to share", added the website.



Read more: http://www.itproportal.com/2012/01/25/o2-caught-sh...

--
mogs CClip 80
Member 26th Jan, 2012 10:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 81
Member 26th Jan, 2012 11:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta Channel Update
| 16:47
Labels: Beta updates
The Beta channel has been updated to 17.0.963.44 for all platforms other than Chrome OS. This update fixes a number of stability and UI issues. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Jason Kersey
Google Chrome

--
mogs CClip 82
Member 26th Jan, 2012 11:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
O2 blames technical error for providing customers' phone numbers to web sites
by Dan Worth

Mobile network operator O2 has apologised to its customers for a technical error that accidentally revealed users' mobile phone numbers to any web site they visited over 3G or WAP mobile internet connections.
Writing in a blog post the firm explained that whereas only "trusted partners" were meant to receive the phone numbers of customers that browsed certain sites, a change in its network inadvertently released this information to all web sites.

"Technical changes we implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for web site owners to see the mobile numbers of those browsing their site," it said.
"We would like to apologise for the concern we have caused."

More at :-
http://www.v3.co.uk/v3-uk/news/2141334/o2-blames-t...

--
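The header leak described in CClips 79 and 82, seen from the receiving site's side: an added example, not part of the quoted articles, that redacts subscriber numbers from request headers before they reach a log. The header names in `IDENTITY_HEADERS` are assumptions (the articles do not name the header O2 used), `X-Forwarded-Subscriber` is hypothetical, and the sample request is constructed.

```python
"""Redact subscriber-identity headers before a request is logged."""
import re

# Assumed names of identity headers that mobile gateways have been seen to add.
# The articles do not say which header O2's network inserted.
IDENTITY_HEADERS = {"x-up-calling-line-id", "x-msisdn", "x-nokia-msisdn"}

# Standard headers whose values are legitimately long digit strings.
SAFE_NUMERIC = {"content-length"}

# MSISDN shape: optional "+", then 10 to 15 digits (E.164 allows at most 15).
MSISDN_RE = re.compile(r"^\+?\d{10,15}$")


def scrub_headers(headers):
    """Return (clean_headers, findings) for one request's header mapping.

    A header is redacted when its name is a known identity header, or when
    its whole value has the shape of a phone number (catches unknown names).
    """
    clean, findings = {}, []
    for name, value in headers.items():
        key = name.lower()  # header names are case-insensitive
        by_name = key in IDENTITY_HEADERS
        compact = value.strip().replace(" ", "")
        by_value = key not in SAFE_NUMERIC and bool(MSISDN_RE.match(compact))
        if by_name or by_value:
            findings.append((name, "name" if by_name else "value"))
            clean[name] = "[REDACTED]"
        else:
            clean[name] = value
    return clean, findings


# Constructed request; 07700 900xxx is a UK range reserved for fiction.
SAMPLE_REQUEST = {
    "Host": "shop.example",
    "User-Agent": "ExampleMobileBrowser/1.0",
    "Accept": "text/html",
    "x-up-calling-line-id": "447700900123",
    "X-Forwarded-Subscriber": "+44 7700 900123",  # hypothetical header name
    "Content-Length": "12345678901",
}

if __name__ == "__main__":
    cleaned, found = scrub_headers(SAMPLE_REQUEST)
    for header, reason in found:
        print(f"redacted {header} (matched by {reason})")
    print(cleaned)
```
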
mogs CClip 83
Member 26th Jan, 2012 17:08
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google: No opt-out of mix-and-match data
By Tom Espiner, ZDNet UK, 25 January, 2012 14:50
People will not be able to opt out of having their data shared across Google products and services under the company's newly updated privacy policy.
Those who object to their data being merged and used to target advertising have the choice not to use Google services, a company spokesman told ZDNet UK on Wednesday.

"If you continue to use Google services after 1 March, you'll be doing so under the new privacy policy and terms of service," he said. "We hope you keep using Google, but if you'd prefer to close your Google Account, you can follow the instructions in our help centre."

"We remain committed to data liberation, so if you want to take your information elsewhere you can," he added.

Google expects to see some negative reaction from users. "Our priority for this change is to give clear notice and choice to our users," the spokesman said. "We're also working hard to explain the benefits of this change to our users so they understand why they should continue using Google."

Read more at :-
http://www.zdnet.co.uk/news/web-apps/2012/01/25/go...

--
mogs CClip 84
Member 26th Jan, 2012 17:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Restore Missing/Hidden Icons Wiped Out by a Virus
By Rick Broida, PCWorld Jan 25, 2012 12:34 AM

Last night my sister-in-law called me, just about in tears. "Something" had happened to her laptop--probably a virus, she guessed--but everything seemed to be gone: all her desktop and Start Menu icons, and, even scarier, all her data. It was like aliens had abducted her desktop.

Not aliens: hackers. Her system had indeed been infected by a virus, and it took me a few sweeps with Malwarebytes Anti-Malware (still the best recovery tool out there, IMHO) to get rid of it. (Here's a great malware-removal tutorial from PC World's Eric Geier.)

Just one problem: removing the virus hadn't restored all my sister-in-law's icons and data. The hard drive still showed nearly full, meaning nothing had actually been erased, but for all intents and purposes, the stuff was still MIA.

Fortunately, I found a utility that worked a seemingly major miracle: It brought everything back.

Read more at :-
http://www.pcworld.com/article/248606/restore_miss...

--
mogs CClip 85
Member 26th Jan, 2012 21:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 86
Member 26th Jan, 2012 22:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 26th Jan, 2012 22:06
Zscaler launches Zulu service to scan sites for security threats
by Shaun Nichols
Security firm Zscaler has launched Zulu, a free service that can scan sites for possible security threats.
The company said that the service would use a combination of proprietary and open-source tools to scan sites and provide security ratings based on a number of criteria.

The service supports direct URLs as well as addresses masked with URL shortening services.
Michael Sutton, Zscaler vice president of threat research, told V3 the aim of the Zulu service was to go beyond the reach of conventional URL-scanning tools.
Rather than analysing sites based solely on reputation, Zulu uses heuristics, reputation and host domain analysis to give pages a threat rating.
"We saw a lot of great tools out there, but they tended to be very niche," Sutton said.
"We wanted something that was looking at all types of web content."
The result, said Zscaler, is a service that can not only notify users when a site directly contains an attack, but also alert them when a site's host domain and servers have previously been associated with illegal or malicious activities.
While the service is being provided free of charge, Zscaler also views Zulu as a possible research opportunity.
In addition to exposing users to the brand name, the platform allows the company to collect additional data on domains and possibly spot attacks that would have otherwise gone unnoticed.
"We are giving away some great information so that anybody in the world has the ability to analyse content," Sutton explained.
"The benefit we get back is that maybe somebody submits a malicious URL that we have not yet seen."

http://www.v3.co.uk/v3-uk/news/2141109/zscaler-lau...

--
mogs CClip 87
Member 27th Jan, 2012 20:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Drive-by-download attack exploits critical vulnerability in Windows Media Player
Web attackers are exploiting a recently patched Windows Media Player vulnerability to infect computers with malware

By Lucian Constantin
January 27, 2012 11:48 AM ET
IDG News Service - Security researchers from antivirus vendor Trend Micro have come across a Web-based attack that exploits a known vulnerability in Windows Media Player.

"Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003)," Trend Micro threat response engineer Roland Dela Paz said in a blog post Thursday.

The security flaw can be exploited by tricking the victim into opening a specially crafted MIDI (Musical Instrument Digital Interface) file in Windows Media Player.

Microsoft released a security fix for it on Jan. 10, as part of its monthly patch cycle. "An attacker who successfully exploited this vulnerability could take complete control of an affected system," the company said at the time.

The so-called drive-by-download attack identified by Trend Micro researchers uses a malicious HTML page to load the malformed MIDI file as an embedded object for the Windows Media Player browser plug-in.

If successful, the exploit downloads and executes a computer Trojan on the targeted system, which Trend Micro detects as TROJ_DLOAD.QYUA. "We're still conducting further analysis on TROJ_DLOAD.QYUA, but so far we've been seeing some serious payload, including rootkit capabilities," Dela Paz said.

It's not yet clear how victims are being tricked into visiting the malicious page, but the attack doesn't appear to target a particular organization or group of people, said David Sancho, a senior antivirus researcher at Trend Micro.

More at :-
http://www.computerworld.com/s/article/9223768/Dri...

--
mogs CClip 88
Member 27th Jan, 2012 20:59
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 89
Member 27th Jan, 2012 21:19
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Call for illegal site demotion on search engines

The proposals are to be discussed at a government-led event next month

Illegal content should be forcibly demoted in web searches, a group of UK rights holders has suggested.

The organisations argued that search sites were "overwhelmingly" directing users to illegal content.

The proposal - developed as part of government-organised talks - was made public by critics of the plans following a Freedom of Information request.

The Open Rights Group (ORG) said the report was "dangerous" and "Sopa-like".

Campaigner Peter Bradwell was making reference to the recent protests surrounding the Stop Online Piracy Act in the United States.

"Yet again we're facing dangerous plans to give away power over what we're allowed to see and do online," he said.

"The proposals come from discussions that lack any serious analysis of the problem and boast barely a glimmer of democratic input or accountability."

Freedom of Information
The release of the document followed a round-table session held last year involving representatives from search engines, rights holders and the government.

The report read: "Consumers searching for digital copies of copyright entertainment are directed overwhelmingly to illegal sites and services.

More at :-
http://www.bbc.co.uk/news/technology-16740160

--
mogs CClip 90
Member 27th Jan, 2012 21:23
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 91
Member 28th Jan, 2012 22:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 92
Member 30th Jan, 2012 16:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla OKs Firefox 10 launch this week
Adds another part of silent updating: Makes most add-ons work with each new edition

By Gregg Keizer
January 30, 2012 05:59 AM ET
Computerworld - Mozilla developers have given the green light to ship Firefox 10 on Tuesday.

Notes from a Mozilla meeting last week said that the upgrade was on for Jan. 31, the next ship date in the every-six-week schedule that the company adopted last year.

The new version includes one of the first components of Firefox's planned silent update mechanism: The browser automatically disables incompatible add-ons and marks all others as compatible.

Add-ons that work with Firefox 4 or later will be marked as compatible in Firefox 10, Mozilla said.
Complaints about incompatible add-ons have been common since Mozilla shifted to the faster release schedule, as add-on developers have been slow to revamp their code or at least mark their extensions as suitable for the newest browser.

More at :-
http://www.computerworld.com/s/article/9223796/Moz...

--
mogs CClip 93
Member 30th Jan, 2012 16:21
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Industry group pushes new spec to eliminate phishing
Facebook, Google, and PayPal are promoting the new DMARC protocol in hopes it will make users less likely to receive fraudulent emails

By Jeremy Kirk | IDG News Service

Companies such as Facebook, Google, and PayPal are pushing for widespread use of a new technical specification, DMARC, that could make it harder for phishers to reach their victims.

A common problem with email is that it is very easy to spoof the "from" address, making it difficult for an average user to know if an email is really from the domain it purports to be from. Technologies such as DKIM and SPF already allow domain owners to vouch for mail sent in their name, but don't specify what to do with messages that fail the test. DMARC builds on those systems, allowing domain owners to ask receiving mail servers to discard mail that fails authentication tests. That will make it less likely that scam messages impersonating sites such as PayPal will appear in your inbox.

More at :-
http://www.infoworld.com/d/security/industry-group...

--
mogs CClip 94
Member 30th Jan, 2012 16:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Cidrex Trojan Breaks CAPTCHA to Create Yahoo! Email Account

There has been a lot of debate lately on how challenging it is to create software that can automatically break CAPTCHA security codes, some researchers even issuing advisories regarding the creation of strong CAPTCHAs.

However, security experts found that a component of the ZeuS-like Cidrex Trojan was able to break the security tests to create email accounts.


Websense researchers came across a variant of Cidrex, a banking Trojan, that not only infects computers with the purpose of stealing sensitive data from their owners, but it also manages to create Yahoo! email accounts to spam others.

This certain version of the malware spreads via emails containing a shortened link which points to the Blackhole exploit kit. If the exploit is successful, the Trojan is downloaded to the infected machine.

Cidrex then looks for sensitive information that later allows cybercriminals to access social media and banking accounts, and sends all the acquired data back to a command and control server.

More at :-
http://news.softpedia.com/news/Cidrex-Trojan-Break...

--
mogs CClip 95
Member 30th Jan, 2012 16:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 96
Member 31st Jan, 2012 17:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Beta Channel Update
Monday, January 30, 2012 | 13:46
Labels: Beta updates, Chrome OS
The Beta channel has been updated to 17.0.963.46 for all platforms including Chromebooks (Platform versions: 1412.150). This update fixes a number of stability and UI issues. For Chromebook users, it also includes a new version of Pepper Flash. Full details about what changes are in this version of Chrome are available in the SVN revision log. Interested in switching release channels? Find out how on Chrome / Chromebooks. If you find a new issue, please let us know by filing a Chrome or Chrome OS bug.

Jason Kersey
Google Chrome

--
mogs CClip 97
Member 31st Jan, 2012 17:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Cybersecurity report: All countries lag behind the bad guys
The new report from McAfee and SDA ranks Finland, Sweden and Israel as the countries most prepared for cyber-threats

By Grant Gross
January 30, 2012 04:24 PM ET
IDG News Service - The U.S. and U.K. are relatively well prepared for cyberattacks, compared to many other developed nations, but everyone has more work to do, according to a new cybersecurity study from McAfee and Security & Defence Agenda (SDA).

The report, which ranks 23 countries on cybersecurity readiness, gives no countries the highest mark, five stars. Israel, Sweden and Finland each get four and a half stars, while eight countries, including the U.S., U.K., France and Germany, receive four stars. India, Brazil and Mexico ranked near the bottom.

No country is ahead of cyberattackers, said Phyllis Schneck, CTO of the public sector for McAfee. The bad guys are "faster and swifter" than the good guys, she said.

More at :-
http://www.computerworld.com/s/article/9223836/Cyb...

--
mogs CClip 98
Member 31st Jan, 2012 17:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Hackers infect WordPress 3.2.1 blogs to distribute TDSS rootkit
Compromised WordPress 3.2.1 blogs infect visitors with TDSS rootkit through Java exploits

By Lucian Constantin | IDG News Service

Hackers are compromising WordPress 3.2.1 blogs in order to infect their visitors with the notorious TDSS rootkit, according to researchers from Web security firm Websense.

It's not clear how the websites are being compromised, but there are publicly known exploits for vulnerabilities that affect WordPress 3.2.1, which is an older version of the popular blog publishing platform.

Once they gain unauthorized access to a blog, the attackers inject malicious JavaScript code into its pages in order to load a Java exploit from a third-party server.

"From our analysis the number of infections is growing steadily (100+)," said Websense principal security researcher Stephan Chenette in a blog post on Monday. The company's research into this mass code injection campaign indicates that whoever is behind it is experienced.

More at :-
http://www.infoworld.com/d/security/hackers-infect...

--
mogs CClip 99
Member 31st Jan, 2012 17:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 1st Feb, 2012 08:49

SOFTWARE DEVELOPER Browsium has updated its web browser plug-in technology to help firms migrate from Microsoft Internet Explorer 6 (IE6), while still letting them access legacy applications written specifically for the outdated browser version.
The firm's first product, Unibrows, required customers to deploy the IE6 engine, which caused some licensing issues, but the new product does away with that completely.
Browsium Ion, available immediately, introduces a new approach to compatibility. It eliminates the need to use the IE6 engine completely, and instead allows organisations to tailor configuration settings in IE8 and IE9 that will apply only to specific URLs that need remediation.

More at :-
http://www.theinquirer.net/inquirer/news/2142634/b...

This thread is now closed......
Please see February's posts at http://secunia.com/community/forum/thread/show/120...

--