
Forum Thread: Daily CYBERCLIPS February

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS February
Expert Contributor 1st Feb, 2012 08:43
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK

Seventeenth Edition.

Thank you for the support. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security is the mainstay of the thread with some related and varied topics.
Scroll down for the latest posts!!
Note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals.
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Expert Contributor 1st Feb, 2012 08:56
Dev Channel Update
Tuesday, January 31, 2012 | 16:53
Labels: Dev updates
The Dev channel has been updated to 18.0.1025.1 for Windows, Mac, Linux and Chrome Frame. This build contains the following updates:

All
Updated V8 - 3.8.9.0
Moved the ‘privacy’ extension API out of experimental (Issue: 88030)
Mac
Fixed bookmarks menu being empty after switching profile. (Issue: 111034)
Perform Lion navigation gestures in the right window (Issues: 102541, 110655)
Fixed momentum scrolling that’s broken in iframes. (Issue: 112085)
Fixed Devtools closing in wrong tab when clicking close after resize. (Issue: 111206)
Known Issues
Settings revamp is still a work-in-progress. Please file issues at crbug.com.
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 2
Expert Contributor 1st Feb, 2012 11:14
Symantec drops don't-use advice, gives pcAnywhere all-clear
Offers free upgrades to customers running older editions as one rival swoops in with special pricing

By Gregg Keizer
January 31, 2012 04:15 PM ET
Computerworld - Symantec has retracted its don't-use-pcAnywhere recommendation to owners of the remote access software.

Last week, the company took the highly unusual step of telling pcAnywhere users to disable the program based on a 2006 source code leak and this month's claims by members of Anonymous that they were mining the stolen code for vulnerabilities.

Symantec spokesman Brian Modena declined to declare the now-patched pcAnywhere as safe to use when asked that question multiple times, but hinted that the fixes the company has released were sufficient.

"At this time, Symantec recommends that customers ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow general security best practices," Modena said in a pair of emailed responses to questions about the software's safety.

More at :-
http://www.computerworld.com/s/article/9223863/Sym...

--
mogs CClip 3
Expert Contributor 1st Feb, 2012 20:14
Kelihos botnet, once crippled, now gaining strength
Microsoft and Kaspersky Lab are now seeing the botnet it shut down in September coming back to life

By Jeremy Kirk
February 1, 2012 10:04 AM ET
IDG News Service - A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.

The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams.

But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a "sinkhole," or a computer they controlled.

But the computers that comprised Kelihos were still infected with its code. Researchers knew that it would only be a matter of time before its controller used the botnet's complex infrastructure of proxy servers and communication nodes to regain control.

More at :-
http://www.computerworld.com/s/article/9223885/Kel...

--
mogs CClip 4
Expert Contributor 1st Feb, 2012 20:21

Microsoft ditches plug-ins for Internet Explorer 10 in Metro

Adobe Flash to disappear
By Lawrence Latif
Wed Feb 01 2012, 14:32

SOFTWARE REDEVELOPER Microsoft has revealed that its Internet Explorer 10 will not use plug-ins when running in the Metro user interface.
Microsoft's Internet Explorer 10 will be released along with the firm's upcoming Windows 8 operating system that features the Metro user interface. The interface, which looks much like the one on the firm's Windows Phone operating system, aims to simplify Windows usage. As part of that, Internet Explorer 10 will be free of plug-ins when run in the Metro interface.
According to Microsoft, Metro style Internet Explorer 10 disposes with plug-ins in a bid to improve battery life, security, reliability and user privacy. The announcement will give further credibility to Apple's long-held strategy of using a clean-cut web browser with IOS.
John Hrvatin, Microsoft programme manager lead on Internet Explorer said, "The desktop browsing experience and most plug-ins were not designed for smaller screens, battery constraints, and no mouse. Providing an easy way to the Windows desktop is the last resort when no comparable plug-in free fallback content exists."
To Microsoft's credit it has finally come around to supporting open standards such as HTML5 and CSS3, while ditching its own ill-received Silverlight. And should Internet Explorer force users away from proprietary plug-ins, it could be the final nail in the coffin for Adobe's Flash.

http://www.theinquirer.net/inquirer/news/2143021/m...

--
mogs CClip 5
Expert Contributor 1st Feb, 2012 20:24
Mozilla adds a full-screen API with Firefox 10

Targets web applications with greater WebGL support
By Lawrence Latif
Wed Feb 01 2012, 16:59

OPEN SOURCE SOFTWARE HOUSE Mozilla has released Firefox 10 and announced developer tools built into the web browser.
Mozilla's Firefox 10 is the first release of the popular web browser in 2012. In less than a year Mozilla has updated Firefox from release 4 to release 10, and while the latest version includes optimisations and fixes, the software outfit has also improved tools for web developers.
Perhaps Mozilla's biggest change in Firefox 10 is the Full-Screen API for web sites and applications. The idea is to better use screen real estate, and Mozilla claims its Full-Screen API will help developers create games and "immersive video experiences".
As part of Mozilla's effort to increase the richness of applications, it has extended its WebGL support. There is also support for CSS 3D transformation, which the outfit said allows developers to transform two dimensional objects into 3D without the need for a plug-in.
Mozilla has also made some changes to code editing, with web developers being able to use page and style inspectors to alter HTML and CSS code, respectively, without having to leave Firefox. Mozilla said its Scratchpad is now powered by the Eclipse Orion code editor to provide syntax highlighting.

http://www.theinquirer.net/inquirer/news/2143091/m...

--
mogs CClip 6
Expert Contributor 1st Feb, 2012 20:33
Thunderbird 10 Stable Available for Download

Together with releasing the stable version for Firefox 10, Mozilla also rolled out the stable build for their email client, Thunderbird.

The list of newly added features for this release is very short and not at all unexpected, taking into consideration that they’ve been advertised in the beta, as well.

As such, Thunderbird 10 comes with built-in Web search capabilities, as you can see from the image above. Searching through email has also been improved in order to render more accurate results.

Although these are the most important modifications, the new build has been through an optimization process, which included the elimination of bugs tampering with the email drafting process.

Bug squashing aside, the current version of the client has a problem yet to be solved with viewing RSS feeds in Wide View Layout. The workaround is to disable Lightning Calendar add-on or switch to Classic View and restart Thunderbird.

http://news.softpedia.com/news/Thunderbird-10-Stab...

--
mogs CClip 7
Expert Contributor 2nd Feb, 2012 11:19

Financial malware targets online banking customers in the UK and US

Captures information on victims' telephone accounts
By Kate O'Flaherty
Wed Feb 01 2012, 19:06
A MALWARE variant is targeting online banking customers in the UK and the US, it has been discovered.
Ice IX, a modified variant of the Zeus financial malware is capturing information on telephone accounts belonging to the victims. This allows attackers to divert calls from the bank intended for their customer to attacker controlled phone numbers, according to security firm Trusteer.
Amit Klein, CTO of Trusteer, said, "I believe the fraudsters are executing fraudulent transactions using the stolen credentials and redirecting the bank's post-transaction verification phone calls to professional criminal caller services that approve the transactions."
In one attack captured by Trusteer researchers, at login the malware steals the victim's user ID and password, memorable information or secret question and answer, date of birth and account balance.
Next, the victim is asked to update their phone numbers of record - home, mobile and work - and select the name of their service provider from a drop-down list. In this particular attack, the three most popular phone service providers in the UK are presented, BT, Talktalk and Sky.
To enable the attacker to modify the victim's phone service settings, the victim is then asked by the malware to submit their telephone account number. The fraudsters justify this request by saying this information is required as a part of verification process caused by "a malfunction of the bank's anti-fraud system with its landline phone service provider".
Klein said, "Fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank. This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user."

http://www.theinquirer.net/inquirer/news/2143106/f...

--
mogs CClip 8
Expert Contributor 2nd Feb, 2012 11:26
US and China provide home to most hackers

Security researchers have found that the US and China are by far the most popular starting points for online attacks.
Security firm NCC said that its global reports placed the two countries far ahead of all other nations in their share of malicious activity. The US claimed 22 per cent of all the world's attacks, while China was second with a 16 per cent share.

Those attacks have also impacted the global economy. NCC estimates that hacking attempts in the two countries combined for a hit on the global economy of roughly $44bn.
Russia was a distant third on the list, claiming a 3.6 per cent share and a cost of roughly $4bn in damages. Rounding out the top five were Brazil with 3.5 per cent and Italy with 3.1 per cent of the world's hacking activity.
The UK was placed outside of the top 10. The country's 1.74 per cent share of the hacking market was good for 15th overall. NCC estimates that hacking activity within the UK cost the global economy roughly $2bn in losses.

More at :-
http://www.v3.co.uk/v3-uk/news/2143119/china-provi...

--
mogs CClip 9
Expert Contributor 2nd Feb, 2012 12:24
Gov.uk service portal opens for public testing

The site intends to simplify finding and interacting with government services online

A website which aims to bring government services together under a single web address has been launched as a public trial.

The gov.uk project, which is expected to launch in full later this year, has a budget of £1.7m.

Currently, online government services are spread across multiple domains and managed by different teams.

The government claimed that bringing services together in this way could save up to £50m per year.

This saving is said to come from making operational savings by "removing the costs associated with software licences and infrastructure investment".

However, when contacted by the BBC, the Cabinet Office could not give specific details over where those savings would be made.

The site uses a simple search engine-like interface to tie the government's vast portfolio of websites together.

Users have been invited to test the new website and report any bugs or usability issues.

The website advises that while gov.uk is fully-functional, some aspects may be "inaccurate or misleading" while still in the beta stage.

More at :-
http://www.bbc.co.uk/news/technology-16832368

--
mogs CClip 10
Expert Contributor 2nd Feb, 2012 17:59
Demand for safety kitemark on software stepped up

MPs want new standard plus web security schooling
By John Leyden
The government and industry ought to do more to promote online safety, according to an influential panel of MPs.

Politicos on the Science and Technology Select Committee called for the expansion of Get Safe Online and similar efforts, and for more prolonged awareness campaigns geared towards dispelling fears and encouraging common sense.

The committee wants a single place where punters can get basic security advice, stripped of confusing technical jargon, plus television campaigns.

It also wants public services to be convenient and secure by design, rather than focused on cost-savings, because the government's "digital by default" policy will require citizens to access services, including benefit payments, online.

Finally, and most controversially, MPs want to see "safety standards on software sold within the EU, similar to those imposed on vehicle manufacturers". Industry self-regulation is the preferred route towards achieving that goal but the panel said that if that fails then legislation ought to be considered.

More at :-
http://www.theregister.co.uk/2012/02/02/mps_cyber_...

--
mogs CClip 11
Expert Contributor 2nd Feb, 2012 18:03
Symantec: We've plugged up pcAnywhere holes

Security giant tries to draw line under source code soap opera
By John Leyden
Symantec has said its pcAnywhere remote control software is once again safe to use, following the release of its latest security patch.

The security giant made the highly unusual move last week of advising customers to avoid using older but still widely used versions of pcAnywhere as a precaution, after it emerged that the product's source code was swiped by Anonymous-affiliated hackers.

The "Lords of Dharmaraja" bragged that they had obtained copies of Symantec's source code and threatened to publicly disclose it in order to facilitate the hunt for unpatched vulnerabilities. Source code for pcAnywhere was put up as the first candidate for this bug hunt, hence the heightened security concern over this product.

After initially blaming the leak on a security breach by an "unnamed third party", Symantec eventually admitted the breach was the result of a previously undisclosed theft of source code from its systems dating back to 2006. Older versions of the source code of a range of enterprise and consumer security products from Symantec was exposed.

More at :-
http://www.theregister.co.uk/2012/02/02/pcanywhere...

--
mogs CClip 12
Expert Contributor 2nd Feb, 2012 18:57
Google changes enable 'per country' blog takedowns

A Google spokesperson said it believed that 'access to information is the foundation of a free society'
Blogger sites can now be blocked on a "per country" basis after a change to its web address system.

Google will now be able to block access in individual countries following a legal removal request.

The new system means blocking will not require restricting world-wide access to a blog.

The changes apply in Australia, New Zealand and India, but the BBC understands Google plans to roll it out globally.

The news follows Twitter's announcement that it could selectively block tweets on a country-by-country basis - news that attracted criticism from free speech campaigners.

However, Joss Wright, research fellow at the Oxford Internet Institute, said he felt the changes to Blogger were a positive step.

More at :-
http://www.bbc.co.uk/news/technology-16852920

--
mogs CClip 13
Expert Contributor 2nd Feb, 2012 19:03
Mozilla Patches 8 Vulnerabilities with Firefox 10

As part of the latest iteration of its rapid release schedule, Mozilla released an update to patch eight vulnerabilities present in the Firefox browser. Since mid-2011 Mozilla has been releasing updates every six weeks and the latest Firefox 10 is its sixth release in that line.
Out of the 8 vulnerabilities that it fixes, 6 are rated as "critical", which is the company's highest threat rank, and two are considered "high". One of the vulnerabilities, which has been cured via Firefox 10, exposed users to cross-site scripting (XSS) attack as the browser fails to run security scan on untrusted scripting objects, as stated by the company. The update also works on other bugs which force the browser to crash.

An accompanying advisory in Mozilla's official website stated that, "The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts."
The company also claimed that Firefox 10 has a number of features important for developers. However, for the users there is one noticeable change which is the ability of the browser to mark automatically almost all the add-ons that are compatible with every upgrade.


Read more: http://www.itproportal.com/2012/02/02/mozilla-patc...

--
mogs CClip 14
Expert Contributor 2nd Feb, 2012 20:46
Norton set to secure passwords through the cloud

The division of Symantec enables logins to multiple sites and devices with one secure master password.
By Jennifer Scott, 2 Feb 2012 at 09:45

Norton has announced the beta launch of Norton Identity Safe, which aims to use the cloud to secure multiple devices and logins.

Rather than having to carry a number of passwords for different websites, the beta sets up one master password and uses the cloud to enable it across multiple devices, be it an Android phone, iOS tablet or home PC.

Norton Identity Safe also includes Norton Safe Web, meaning in addition to the password tools, users get extra security protection on their mobile and home devices when accessing risky websites or by identifying dangerous URLs.

Research conducted by Norton claimed 38 per cent of respondents still wrote passwords down, with 45 per cent using the same login already across multiple sites. By utilising the cloud, the risk to users should be decreased, whilst still only having to remember one login.

Read more at :-
http://www.itpro.co.uk/638647/norton-set-to-secure...

--
mogs CClip 15
Expert Contributor 2nd Feb, 2012 21:40
Verisign has been named as the latest company to suffer a targeted attack on its corporate systems.
A report from Reuters references filings the company issued with the US Securities and Exchange Commission (SEC) last year in reporting that the company's Reston, Virginia facility was breached in 2010 by attackers.
The breach is not believed to have resulted in a compromise of the DNS system. The company said that none of its servers connected to the platform were breached in the attack.
Verisign, which oversees administration of the .com, .gov and .net domains has long served as the primary guardian of the DNS platform, which connects web domain names with the corresponding IP addresses of their servers.
DNS security has been a concern in recent years, as Verisign and others have worked to roll out the DNSSec platform. The platform was extended into the .com domain in April of last year.
Prior to the development of DNSSec, researchers such as Dan Kaminsky had worried that the platform could be manipulated by criminals to redirect users from valid sites to phishing pages without their knowledge.

http://www.v3.co.uk/v3-uk/news/2143646/verisign-re...

--
mogs CClip 16
Expert Contributor 3rd Feb, 2012 10:18
Last edited on 3rd Feb, 2012 10:22
Half of Fortune 500 firms infected with DNS Changer
Machines will be cut off from the Web next month, say experts

By Gregg Keizer
February 2, 2012 04:17 PM ET
Computerworld - Half of all Fortune 500 companies and major U.S. government agencies own computers infected with the "DNS Changer" malware that redirects users to fake websites and puts organizations at risk of information theft, a security company said today.

DNS Changer, which at its peak was installed on more than four million Windows PCs and Macs worldwide -- a quarter of them in the U.S. alone -- was the target of a major takedown organized by the U.S. Department of Justice last November.

The takedown and accompanying arrests of six Estonian men, dubbed "Operation Ghost Click," was the culmination of a two-year investigation, although some security researchers have been tracking the botnet since 2006. As part of the operation, the FBI seized control of more than 100 command-and-control (C&C) servers hosted at U.S. data centers.

According to Tacoma, Wash.-based Internet Identity (IID), which provides security services to enterprises, half of the firms in the Fortune 500, and a similar percentage of major U.S. government agencies, harbor one or more computers infected with DNS Changer.

Read more at :-
http://www.computerworld.com/s/article/9223941/Hal...

--
mogs CClip 17
Expert Contributor 3rd Feb, 2012 10:24
Netfleet Hacked

The hackers may have accessed customers' names, e-mail addresses, mailing addresses, phone numbers and encrypted credit card numbers.

February 02, 2012
Australian domain reseller Netfleet was recently hacked.

"Netfleet bills itself as Australia's largest and most active domain name trading website operated by 'a small team of developers and domain enthusiasts,'" writes SC Magazine's Darren Pauli. "It admitted that hackers may have stolen customers' name, email and street addresses, phone numbers and encrypted credit card numbers with expiry dates."

"'Whilst we believe no sensitive data such as credit card information was accessed by the intruder, there is a possibility that this is indeed the case and as such we felt it our duty to inform you,' the company wrote in an email," Pauli writes.

Go to "Aussie domain reseller Netfleet hacked" to read the details

http://www.esecurityplanet.com/hackers/netfleet-ha...

--
mogs CClip 18
Expert Contributor 3rd Feb, 2012 21:50

German gov't endorses Chrome as most secure browser
Federal security agency touts sandbox, silent update as features that keep citizens safer online
By Gregg Keizer | Computerworld US | 03 February 12

Germany's cyber security agency today recommended that Windows 7 users run Google's Chrome browser, citing the application's sandbox and auto-update features.

In a security best practices guideline, Germany's Federal Office for Information Security, known by its German initials of BSI, said Chrome was the best browser.

"Your internet browser is the key component for the use of services on the Web and thus represents the main target for cyber-attacks," said BSI in its published advice. "By using Google Chrome in conjunction with the other measures outlined above, you can significantly reduce the risk of a successful IT attack."

BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation.

"This [sandbox] protection is implemented most consistently in Chrome...[and] similar mechanisms in other browsers are currently either weaker or non-existent," explained BSI.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3335080/g...

--
mogs CClip 19
Expert Contributor 3rd Feb, 2012 21:58

Microsoft team discovers malicious cookie-forwarding scheme
The scheme could clandestinely forward stolen session cookies to zombie machines in botnets that could use them to gain unauthorized access to websites

By Tim Greene | Network World

Microsoft researchers checking how easy it is to identify users by analyzing commonly collected Web-log data incidentally discovered a cookie-forwarding scheme that can be used to aid session hijacking.

If put into play, the scheme could clandestinely forward stolen session cookies to individual zombie machines in botnets that could use them to gain unauthorized access to websites, according to their research paper "Host Fingerprinting and Tracking on the Web: Privacy and Security Implications" (PDF).

Using data about hundreds of millions of devices that connected to Hotmail during August 2010, the researchers found a certain percentage that connected from more than one Internet AS (Autonomous System) -- a large collection of related IP addresses, usually under the control of a large organization like a service provider, corporation or university.

By tracking cookies that Hotmail issued to these devices, the researchers concluded that most of them were legitimate and were likely mobile or using VPNs, hence the changing location of their IP addresses.

But they also found a small group of cookies exhibiting abnormal behavior. A single IP address in Denmark was logging into a large number of Hotmail accounts. The Hotmail cookies sent to those users were then being reused to gain access from IP addresses in multiple ASs in the U.S., apparently having been shipped to those IP addresses via a covert channel, the researchers say.

Read more at :-
http://www.infoworld.com/d/security/microsoft-team...

--
mogs CClip 20
Expert Contributor 3rd Feb, 2012 22:21
Oracle Patches Security Flaw Affecting Three Products

A remote user could exploit the vulnerability to affect a system's availability.

February 03, 2012
Oracle recently patched three of its products to address a vulnerability that could cause a denial of service.

"The out-of-band patches addressed denial-of-service vulnerabilities that were present in several Oracle products, the company said in a security alert issued Jan. 31," writes eWeek's Fahmida Y. Rashid. "A remote user would be able to exploit this vulnerability, CVE 2011-5035, and affect the system's availability, according to Oracle."

"The affected products are Oracle Application Server 10g Release 3 version 10.1.3.5.0, Oracle WebLogic Server versions 9.2.4, 10.0.2, 11gR1, 12cR1, and Oracle iPlanet Web Server 7.0 and Oracle Java System Web Server 6.1," Rashid writes. "The Oracle Containers for J2EE component in the Application Server was patched."

Go to "Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet" to read the details.

http://www.esecurityplanet.com/patches/oracle-patc...

--
mogs CClip 21
Expert Contributor 3rd Feb, 2012 22:29

Was Your Email Account Hacked? PwnedList Can Tell You
Concerned about your private data in the wake of a big hack? The PwnedList website helps you find out if your online accounts were leaked during a data breach.
By Alex Wawro, PCWorld Feb 3, 2012 2:35 am

If you have an account with a company whose servers have been hacked, it’s nerve-wracking to wonder whether or not your private data has been leaked onto the Internet. Thankfully, a new Web service seeks to aggregate all the leaked account data on the Internet and make it easy for you to check and see if you’re on the list.

PwnedList (pwnedlist.com) is the brainchild of Alan Puzic, a professional security intelligence researcher partial to a bit of "white-hat" (good-guy) hacker work. PwnedList was born in July 2011 as a public service to help privacy-minded people verify the security of their online accounts.

“Our goal was to design a simple-to-use online portal where an average user could check to see if his or her account credentials were leaked,” said Puzic in an interview with PCWorld. Within a week, Puzic and his team (including security researchers Stephen Thomas and Jasiel Spelman) had gathered more than a million hacked accounts from websites like The Pirate Bay and PasteBin, social networks like Twitter, and even hacker forums and chatrooms. At the time of the interview, PwnedList had been operating for almost six months, with its database approaching 10 million entries.

But don’t worry: Even though the folks at PwnedList are constantly seeking out compromised usernames, email addresses, and passwords, they don’t store all that information in the PwnedList database. Instead, they take all the compromised account data they find (or that anonymous users submit to them) and use an algorithm to create a unique string of alphanumeric characters for every username and email address. They then save the strings in the PwnedList database before deleting the actual login information. This procedure means that no hacker can crack the PwnedList database and gain access to a single list of the hundreds of thousands of compromised accounts that the PwnedList team is aggregating.

Read more at :-
http://www.pcworld.com/article/249148/was_your_ema...

--
mogs CClip 22
Expert Contributor 3rd Feb, 2012 23:16
Dev Channel Update
Thursday, February 2, 2012 | 17:55
Labels: Dev updates
The Dev channel has been updated to 18.0.1025.3 for Windows, Mac, Linux and Chrome Frame. This build contains the following stability and bug fixes:
Fixed URL handling of settings page. [Issue: 111900]
Fixed crash when unpacking extension. [Issue: 112301]
Fixed the case where the utility process crashes after all plugins have been loaded. [Issue: 111935]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 23
Expert Contributor 4th Feb, 2012 09:51
Firefox 12 Aurora Removes OS Security Dialog for Windows

Mozilla finished migrating the code to Aurora, and, as a result, what’s to turn into Firefox 12 stable on April 24, is now available for download. It brings to the table some interesting features, which, hopefully, will not be pushed back and will move to more stable versions of the web browser.

One important feat the development team managed to achieve is the removal of the security prompt generated by Windows’ UAC (user account control). Actually, this is currently available in Firefox Aurora 12, but further testing is necessary.

Another feature targeted for this release, but now available in the nightly build, is the inline autocomplete feature. This would make the browser feel faster as it would cut down on user input when typing URLs.

Also planned for Firefox 12 is the Home Tab. However, development is carried out in Firefox UX and only the specs for phase one are complete, so it may stay in Aurora for some time.

http://news.softpedia.com/news/Firefox-12-Aurora-R...

--
mogs CClip 24
Expert Contributor 4th Feb, 2012 18:45

Kelihos Not Resurrected, New Malware Used to Create Botnet

After Kaspersky revealed that the Kelihos botnet they terminated back in September in a partnership with Microsoft and Kyrus Tech Inc. may have returned, the Redmond company comes forward with some clarifications, arguing that this is actually a new version of the Kelihos malware that’s being used to create a new botnet.

The new malware variant is called “Backdoor:Win32/Kelihos.B” and it appears to be based on the initial malware’s code, but it’s slightly updated and there is no evidence to indicate that the botnet that was taken down previously has returned to the control of the cybercriminals.

Furthermore, it is believed that this variant is based in part on Waledac, a botnet terminated by Microsoft at the beginning of 2010, but this doesn’t come as a surprise since it’s a known fact that malware authors often utilize code from previous versions.

“Analysis of these samples and continuing observations of Kelihos-infected computers have demonstrated no known re-employment of the original Kelihos botnet by botherders,” Richard Domingues Boscovich, senior attorney at Microsoft Digital Crimes Unit said.

Currently, neither Microsoft nor Kaspersky can provide precise numbers to indicate the size of this potentially new botnet, but Kaspersky’s analysis reveals that the size of the old botnet dropped by 25% in the past two months.

It is estimated that the old botnet’s size is far smaller than initially thought, less than 10,000 computers being infected. This number may seem large, but considering that at the time it was taken down the botnet infected 41,000 devices, the progress is pretty significant.

More at :-
http://news.softpedia.com/news/Kelihos-Not-Resurre...

--
mogs CClip 25
Expert Contributor 4th Feb, 2012 19:01
Facebook malware scam takes hold
A link to malware purporting to be CNN coverage of a US attack on Iran is reaching hundreds of thousands of Facebook users
By Cameron Scott | 03 February 12

A "worrying number" of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the U.S. has attacked Iran and Saudi Arabia, security firm Sophos said Friday.
If users who follow the link then click to play what purports to be video coverage of the attack, they are prompted to update their Adobe Flash player with a pop-up window that looks very much like the real thing. Those who accept the prompt unwittingly install malware on their computers.

Within three hours of the scam's appearance, more than 60,000 users had followed a link to the spoofed CNN page, according to Sophos Senior Security Advisor Chester Wisniewski. Facebook removed that link, but others are still being shared.

More at :-
http://www.pcadvisor.co.uk/news/security/3335087/f...

--
mogs CClip 26
Expert Contributor 8th Feb, 2012 12:15
Dev Channel Update
| 18:03
Labels: Dev updates
The Dev channel has been updated to 18.0.1025.7 for Windows, Mac, Linux and Chrome Frame. This build contains the following stability and bug fixes:

Users can now sync NTP icons to their profile and keep their order across different instances of chrome. [Issues: 111277, 100737, 61447]
Pointer Lock / Mouse Lock is implemented behind a flag (see about:flags). Mac only bug fix when closing a tab. [Issue: 111860]
Fixed stability crashes [Issue: 112590, 112116, 111968, 110909]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 27
Expert Contributor 8th Feb, 2012 12:22
Adobe sets IE as next target in Flash security work
Releases beta of sandboxed Flash Player plug-in for Firefox, on to Microsoft's browser

By Gregg Keizer
February 7, 2012 03:36 PM ET
Computerworld - Adobe plans to tackle Microsoft's Internet Explorer (IE) in its ongoing work to "sandbox" its popular Flash Player within browsers, Adobe's head of security said today.

Yesterday, Adobe released a beta version of a sandboxed Flash Player plug-in for Mozilla's Firefox on Windows Vista and Windows 7 as a follow-up to a similar initiative in 2010 for Google's Chrome.

Next on the list: IE.

"IE has a big chunk of the user base," said Brad Arkin, senior director of security, products and services, in an interview Tuesday. "We want to do what protects the most users the fastest, so we're looking at how we can tackle sandboxing in IE."

Read more at :-
http://www.computerworld.com/s/article/9224047/Ado...

--
mogs CClip 28
Expert Contributor 8th Feb, 2012 12:25
Move over cybercrims, DDoS now protesters' weapon of choice

Attackers swap rifles for machine guns with laser sights
By John Leyden

Posted in Security, 8th February 2012 08:31 GMT
Ideological hacktivism has replaced cybercrime as the main motivation behind DDoS attacks, according to a study by Arbor Networks.

Up until last year, DDoS attacks were typically financially driven – either for reasons of competition or outright extortion – but the activities of Anonymous and related groups have changed that. The plethora of readily available DDoS attack tools (such as LOIC, a sometime favourite of Anonymous) means that anyone can launch an attack and any business could potentially be targeted.

Arbor, which specialises in supplying DDoS mitigation and traffic management tools to telcos and ISPs, describes the rise of hacktivism as a "sea-change in the threat landscape

More at :-
http://www.theregister.co.uk/2012/02/08/ddos_attac...

--
mogs CClip 29
Expert Contributor 8th Feb, 2012 12:30

Malware Steals Documents and Uploads Them to Sendspace
Security experts came across a piece of malware that’s cleverly programmed to steal documents from the infected computer. While this may not be new, the twist to this story is that the malicious element is designed to upload the obtained Microsoft Word and Excel files to the hosting site sendspace.com


Trend Micro researchers say that Sendspace was used on previous occasions to store stolen data because the service allowed crooks to “send, receive, track and share” big files, but the process was never done automatically by a malware.

The infection begins with an executable file called Fedex_Invoice.exe, identified as TROJ_DOFOIL.GE, the file’s name hinting that it may be spread with the use of a fake “FedEx failed delivery” spam campaign.

Once the file is executed, it downloads and executes TSPY_SPCESEND.A, a Trojan that searches the local drive for Word and Excel documents, collecting them in a password-protected archive placed in the user’s temporary folder.

After the archive is created, it’s uploaded to Sendspace, its download link being transmitted to the malware’s command and control server. This way the crooks don’t have to store all the files on the C&C, instead they access them from the file hosting service.

“We’ve seen dropsites/dropzones for stolen/exfiltrated data that are hosted also within domains owned by the cybercriminals. Now, we’re seeing legitimate ‘clouds’ being used by criminals where they can drop and pickup their loot,” Trend Micro Solutions Evangelist Ivan Macalintal said.

More at :-
http://news.softpedia.com/news/Malware-Steals-Docu...

--
mogs CClip 30
Expert Contributor 8th Feb, 2012 12:39
RealPlayer 15.02.71 Patches Critical Flaws

The update addresses seven remote code execution vulnerabilities.

February 07, 2012
Version 15.02.71 of RealPlayer was recently released to address seven highly critical remote code execution vulnerabilities.

"These include errors when processing RMFF Flags, VIDOBJ_START_CODE and RealAudio coded_frame_size, as well as RV10 Encoded Height/Width, RV20 Frame Size Array and RV40 content," The H Security reports.

"A remote code execution problem in Atrac Sample Decoding has also been fixed but is not found in the 15.x.x branch of the media player; this issue affects Mac RealPlayer 12.0.0.1701 but is reportedly not found in version 12.0.0.1703," the article states.

Go to "RealPlayer update closes critical holes" to read the details.

http://www.esecurityplanet.com/patches/realplayer-...

--
mogs CClip 31
Expert Contributor 8th Feb, 2012 21:17

Google Chrome will no longer check for revoked SSL certificates online
Google has decided to drop OCSP revocation checks from Chrome because they are inefficient and slow

By Lucian Constantin
February 8, 2012 12:55 PM ET
IDG News Service - Google plans to remove online certificate revocation checks from future versions of Chrome because it considers the process inefficient and slow.

Browsers currently check if a website's SSL certificate has been revoked by its issuing Certificate Authority (CA) when trying to establish an HTTPS connection. These checks are done by querying CA-operated servers through a special protocol known as OCSP (Online Certificate Status Protocol).

The problem is that browsers can't always communicate with the validation servers because of various technical problems and when something like this happens, the HTTPS connections should not be established; at least in theory.

However, because these failures can have a serious usability impact, especially when CAs experience server downtime, browser vendors have decided to ignore revocation checks that result in network errors. This is referred to as a soft-fail.

"An attacker who can intercept HTTPS connections can also make online revocation checks appear to fail and so bypass the revocation checks," Google security engineer Adam Langley said in a blog post on Sunday.

"So soft-fail revocation checks are like a seatbelt that snaps when you crash," he said. "Even though it works 99% of the time, it's worthless because it only works when you don't need it."

This suggests that online certificate revocation checking doesn't add a lot of value to Web security in its current implementation. However, keeping it on comes at a significant cost -- browsing speed.

"The median time for a successful OCSP check is ~300ms and the mean is nearly a second," Langley said. "This delays page loading and discourages sites from using HTTPS."

After considering the drawbacks, Google decided to remove OCSP checks from future versions of Chrome and replace them with a local list of revoked certificates that can be updated without requiring a browser restart. Attackers could theoretically block the update process, but this will require more effort than blocking an OCSP revocation check, Langley said.

The security engineer invited CAs to voluntarily contribute their revoked certificates to the list by publishing them in a format and place that's accessible to Google's crawler.

Experts have raised serious questions about the security and reliability of the current SSL infrastructure during recent months, following security breaches at several CAs that resulted in rogue certificates being issued. Various proposals for improving or replacing the current system are being discussed.

http://www.computerworld.com/s/article/9224078/Goo...

--
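The soft-fail weakness described in the Computerworld excerpt above, modelled as an added example that is not Chrome's or any browser's code. The responder is simulated with no network I/O, and the serials, class and function names are all constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"


class ResponderUnreachable(Exception):
    """No usable OCSP answer: timeout, CA downtime, or the query was dropped in transit."""


@dataclass
class SimulatedResponder:
    """Stand-in for a CA-operated OCSP server (hypothetical model)."""
    revoked_serials: frozenset
    blocked: bool = False  # True models an outage or an on-path party dropping the query

    def query(self, serial: str) -> Status:
        if self.blocked:
            raise ResponderUnreachable(serial)
        return Status.REVOKED if serial in self.revoked_serials else Status.GOOD


def online_check(serial: str, responder: SimulatedResponder, hard_fail: bool) -> bool:
    """Return True if the HTTPS connection may proceed."""
    try:
        return responder.query(serial) is Status.GOOD
    except ResponderUnreachable:
        # Soft-fail treats "no answer" as "not revoked"; hard-fail refuses to connect.
        return not hard_fail


def local_list_check(serial: str, pushed_list: frozenset) -> bool:
    """Decision from a locally held revocation list: no query at connection time."""
    return serial not in pushed_list


# Constructed serial numbers.
REVOKED_SERIAL = "serial-revoked-example"
GOOD_SERIAL = "serial-good-example"
REVOKED = frozenset({REVOKED_SERIAL})


def scenarios() -> dict:
    """Connection allowed? for each (responder state, certificate, policy)."""
    out = {}
    for state, blocked in (("reachable", False), ("blocked", True)):
        responder = SimulatedResponder(REVOKED, blocked=blocked)
        for label, serial in (("revoked", REVOKED_SERIAL), ("good", GOOD_SERIAL)):
            out[(state, label)] = {
                "soft_fail": online_check(serial, responder, hard_fail=False),
                "hard_fail": online_check(serial, responder, hard_fail=True),
                "local_list": local_list_check(serial, REVOKED),
            }
    return out


if __name__ == "__main__":
    for key, result in scenarios().items():
        print(key, result)
```

The ("blocked", "revoked") row is the seatbelt that snaps: soft-fail admits the revoked certificate exactly when the responder cannot be reached, while the ("blocked", "good") row shows the usability cost that kept vendors from choosing hard-fail.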
mogs CClip 32
Expert Contributor 8th Feb, 2012 21:28
Marlinspike asks browser vendors to back SSL-validator

'Convergence' open source dev needs vendors to balance the load
By John Leyden
Posted in Security, 8th February 2012 13:38 GMT

Analysis Moxie Marlinspike is encouraging browser developers to support an experimental project to shake up the security of website authentication by moving beyond blind faith in secure sockets layer (SSL) credentials.

The Convergence open-source project is designed to address at least some of the main shortcomings that underpin trust in e-commerce and other vital services, such as webmail. The technology, available as a browser add-on for Firefox, allows users to query notary servers – which they can pick – to make sure the SSL certificate served up by any particular site is kosher.


Marlinspike described the Firefox add-on as a proof-of-concept, adding that he was talking to other browser vendors. "Browser vendors should lead because this is the only way that Convergence can become an 'invisible platform' where surfers can use it without knowing that's what they are relying on," he said.

"We've got the ball rolling and it's now up to vendors to do the bulk of the work," he added.

More at :-
http://www.theregister.co.uk/2012/02/08/convergenc...

--
mogs CClip 33
Expert Contributor 8th Feb, 2012 21:32
Stable Channel Update
Wednesday, February 8, 2012 | 09:00
Labels: Stable updates
The Chrome team is excited to announce the release of Chrome 17 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 17.0.963.46 contains a number of new features including:
New Extensions APIs
Updated Omnibox Prerendering
Download Scanning Protection
Many other small changes
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix

http://googlechromereleases.blogspot.com/

--
mogs CClip 34
Expert Contributor 12th Feb, 2012 01:46
All Google Chrome channels have been updated in the past few days. Now the developer incremented the version number for the dev channel to 19.0.1036.7 for Windows, Mac, Linux and Chrome Frame, and there are plenty of modifications available, reintroducing the refreshed “Settings” page, already available in Chromium, being one of them.

The new release comes with an updated JavaScript engine (V8 3.9.4.0) and enables the spelling service on all supported platforms, so that spelling suggestions are displayed from the online spellchecker, for mistyped words; however, this works only after users opt into sending text to the service.

Fixes are also present in this build, for Windows in particular. On this platform, visual artifacts have been removed when UI bubbles fade, and 3D acceleration on machines with NVIDIA Optimus graphics has been repaired.

http://news.softpedia.com/news/Google-Chrome-Dev-1...

--
mogs CClip 35
Expert Contributor 12th Feb, 2012 01:51
Microsoft to Release 9 Security Bulletins on February 14th
Next week, Microsoft will make available its February 2012 monthly security patches for the Windows platform and various other products on it.

In the Microsoft Security Bulletin Advance Notification for February 2012, that it made public on Thursday, Microsoft announced that there would be no less than nine bulletins included in the update.

Among them, we can count four bulletins rated Critical, along with five rated Important. Seven of these are meant to patch security holes that could allow Remote Code Execution, while two of them fix breaches that could allow Elevation of Privilege.

In the said Advance Notification for February 2012, Microsoft also notes that these security patches will fix issues in Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Silverlight, Microsoft Office and Microsoft Server Software.

Users who will apply the update should keep in mind that four of the patches will be applied only if the computer is restarted. The other five may require a restart as well.

The Redmond-based software giant will offer specific info on these security patches on February 14th, when it releases the February bulletin summary.

In addition to these patches, Microsoft will deliver a new version of its Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

http://news.softpedia.com/news/Microsoft-to-Releas...

--
mogs CClip 36
Expert Contributor 12th Feb, 2012 01:55
Firefox 10.0.1 Available for Download

There have been talks about releasing a new version of Firefox this week. This chemspill release should not be too surprising since Firefox 8 and 9 already built up a pattern in this sense.

The purpose of Firefox 10.0.1 is to fix two top issues that could not wait until the launch of the future major version. One of them is a top startup crash and the other refers to Java applets causing text fields to hang.

The effects of the latter are visible when interacting with an embedded Java applet, which causes all text spaces to become unusable. Minimizing Firefox or resizing is the workaround, unless updating to Firefox 10.0.1.

Developers are also looking to block AVG Safe Search versions causing broken location bar behavior.

Currently, there is also an issue with the add-on manager but more details are to be uncovered. Also, this problem seems manageable through the release of a hotfix.

http://news.softpedia.com/news/Firefox-10-0-1-Avai...


--
mogs CClip 37
Expert Contributor 12th Feb, 2012 02:05
Google says that both its Web and Chromium security reward programs were a big success

By Lucian Constantin | IDG News Service

Encouraged by the success of its Web and Chromium vulnerability reward programs, Google has decided to expand their scope in order to cover security issues in Chromium OS as well.

"By all available measures, the program has been a big success," said Google Security Team technical program manager Adam Mein about the company's Web vulnerability reward program, in a blog post on Thursday.

Since its launch in November 2010, the program has generated reports about 1,100 legitimate security issues that affected hundreds of Google's Web applications and services.

Google paid a total of $410,000 to more than 200 researchers for reporting 730 vulnerabilities that qualified for rewards. However, this is most likely just a fraction of what the company would have needed to pay in order to find the same number of vulnerabilities via professional security audits.

"Google has gotten better and stronger as a result of this work," Mein said. "We get more bug reports, which means we get more bug fixes, which means a safer experience for our users."

The company's other security reward program, which pays researchers for finding vulnerabilities in the Chromium open source browser -- the basis for Google Chrome --- has also been a big success, according to Google security engineer Chris Evans.

More at :-
http://www.infoworld.com/d/applications/google-exp...

--
mogs CClip 38
Expert Contributor 12th Feb, 2012 17:37
The CEOP browser provides easy one click lists for child protection advice

To mark yesterday's Safer Internet Day, Microsoft and the Child Exploitation and Online Protection Centre (CEOP) have released a new customised version of the Internet Explorer 9 (IE9) browser.

The update to CEOP's 2010 customised version of IE8 includes one-click access for Windows 7 users to both CEOP's homepage and the police agency's ThinkuKnow child safety website. Also included are menus offering direct links to relevant advice by category on both sites.

So for children the ThinkuKnow list contains information and advice by age group and the CEOP list offers parents valuable information on how to control their family's internet usage.

The customised browser also gives people instant access to CEOP if they wish to report suspicions or concerns they may have about online content or chat.


Read more: http://www.computeractive.co.uk/ca/news/2144907/ce...


--
mogs CClip 39
Expert Contributor 13th Feb, 2012 11:04

TicketWeb hit by a security breach

Hackers sent emails with malicious links to customers

By Carrie-Ann Skinner | PC Advisor | 13 February 12

UK ticketing site TicketWeb has suffered a security breach which saw emails containing malicious links sent to its customers.

On Saturday February 11, customers of the ticketing site reported receiving up to four emails all with the subject 'Action Required: Update Your PDF Application'. The email claimed the recipient's version of Adobe Reader was out of date and offered a link where they could download the new version. However, the link in fact led to a malicious site that would have infected a PC had it been clicked.

More at :-
http://www.pcadvisor.co.uk/news/security/3336851/t...

--
mogs CClip 40
Expert Contributor 13th Feb, 2012 11:28
Kill Web Trackers Dead

Abine's DoNotTrackPlus browser plug-in stops trackers in their tracks -- and it's free.
By Dan Tynan, ITworld Feb 12, 2012 4:49 pm

Here’s fair warning to all social media data scavengers, ad tracking companies, and analytics snoops on the InterWebs: There’s a new anti-tracking sheriff in town.

Online privacy company Abine Inc. last week unveiled a new browser widget called, appropriately enough, DoNotTrackPlus (because these days everything has to come with a plus sign -- thank you, Google). I’ve been taking it for a spin this morning and I gotta say it’s pretty slick.

DNT+ keeps more than 600 ad networks and other Web trackers from depositing tracking cookies on your hard drive. It also tells you who they are. Period, full stop. (However, it won't do anything about tracking cookies that have already been deposited on your computer; you'll have to manually delete those.)

Getting DNT+ to work is painless -- download, click “Install,” and you’re done. I didn’t even have to restart my browser. Visit any site, and the DNT+ ticker in the upper right corner of your browser tells you how many Web trackers are embedded within it. Click the ticker to see the types of trackers and who they belong to.

Read more at :-
http://www.pcworld.com/article/249826/kill_web_tra...




--
mogs CClip 41
Expert Contributor 13th Feb, 2012 15:32
Daemon Tools Collects Image File Details, Even Without Permission

There are very few people in the world who haven’t used Daemon Tools at least once to mount image files when playing games or installing applications, but few know that the latest variant of the software comes with a service that monitors the user’s activity and records information such as the .iso file’s details.


According to Within Windows, MountSpace, the service in question, designed to keep track of user statistics, sends the device's IP address along with other information, even identifying if the customer is new.

The most worrying fact is that Daemon Tools’ privacy policy doesn’t mention anything about collecting data and MountSpace doesn’t even have an actual policy. Their official site only displays some general guidelines, but nothing specific regarding monitoring or tracking.

While MountSpace is an optional service that theoretically can be disabled during the installation process of Daemon Tools, in reality, even if users chose not to install it, it’s not turned off.

The company may argue that by selecting the “Don’t allow MountSpace to use my mount statistics” option the stored information is flagged for deletion after it reaches the server, but since everything is done in this suspicious manner, no one can be sure.

The data that’s received or sent is stored in a folder found in AppData\Daemon Tools\ImageInfoCache.

More at :-
http://news.softpedia.com/news/Daemon-Tools-Collec...

--
mogs CClip 42
Expert Contributor 13th Feb, 2012 21:03
Mozilla commits to Metro version of Firefox on Windows 8
First Microsoft browser rival to publicly stake out new app territory
Computerworld - Mozilla said yesterday that it will build a "proof-of-concept" version of Firefox for Windows 8's Metro touch-first interface next quarter, then follow that with more functional editions later in the year.

The company is the first of Microsoft's browser rivals to publicly commit to a Metro edition. Microsoft has said it will ship both Metro and traditional desktop versions of Internet Explorer 10 (IE10) with Windows 8 and Windows on ARM (WOA), the new OS targeting tablets and other low-powered devices.

Metro is Microsoft's label for the touch-enabled interface at the center of both Windows 8 and WOA. Windows 8 will run Metro and traditional 32- and 64-bit Windows applications, but WOA will run only those third-party apps designed for Metro.

In an update to its 2012 roadmap published Sunday, Mozilla said that it would craft a "technology proof of concept" of Firefox on Metro as a first step. "This is not [an] alpha or a beta, but should demonstrate the feasibility of Firefox in Windows 8 Metro," Asa Dotzler, the product director of Firefox, wrote in a roadmap overview

Read more at :-
http://www.computerworld.com/s/article/9224219/Moz...

--
mogs CClip 43
Expert Contributor 13th Feb, 2012 21:10
Terrific software and support ... for criminal botnet builders
Shadowy vendor of botnet construction kits based on Citadel Trojan provides platform with customer service that commercial software companies could learn from

By Woody Leonhard | InfoWorld


There's a new development platform on the market, and it boasts outstanding developer support.

The platform's all open source. There's a built-in developer message board, with threaded conversations and social networking features. The manufacturer not only responds to bug reports and feature suggestions, it assigns tracking numbers and, in the spirit of open source, accepts solutions both from the company's developers and from customers. The manufacturer puts new features up for a vote, implementing the ones that most developers want. The board's active, the manufacturer's responsive, and the product's reasonably stable and by all accounts quite profitable. There's even a user's manual, release notes, and a license agreement, all in Russian.

Welcome to Citadel. Botnet construction kits done right. SaaS techniques in the underground.

More at :-
http://www.infoworld.com/t/cyber-crime/terrific-so...

--
mogs CClip 44
Expert Contributor 13th Feb, 2012 21:14
Police warn of money-stealing computer virus
Malicious software impersonates the Metropolitan Police e-crime Unit (PCeU)
By Anh Nguyen | Computerworld UK | 13 February 12

The Metropolitan Police is warning the public to be aware of a computer virus that impersonates its e-crime unit in an effort to steal money from unsuspecting users.

The malicious software infects people's computers after users access certain websites. The police did not name specific sites, and only said that "various websites" were affected.

Once infected, the virus freezes and locks the PC, and a message (pictured) claiming to be from the Metropolitan Police Central e-crime Unit (PCeU) accuses the user of accessing pornographic websites and tells them that they have to pay a fine to unlock their computer.

"This is a fraud and users are advised not to pay out any monies or hand out any bank details.

"Genuine law enforcement agencies would never contact members of the public via this method and demand funds in this way," the police said.

More at :-
http://www.pcadvisor.co.uk/news/security/3337152/p...

--
mogs CClip 45
Expert Contributor 13th Feb, 2012 22:52
Panel-Based Download Manager Targeted for Firefox 13

Although Firefox 13 is a long way to go, the development team has mapped out the features they’re looking to integrate. One of them is a panel-based download manager, which would replace the current solution.

Improved user experience is the main reason for this, as the current model is not fully integrated with the Firefox design. Also, at the moment, the download manager is not optimized for several common use cases.

Firefox 13 should feature a unified download and browsing history that would offer the user a better way to handle download jobs, with separated management of running tasks and historical data.

The download panel will be anchored to a status indicator available in the main browser window, thus letting you know of the progress of the job. Plenty of the work required to roll out the feature has been done already, but there are still some things to take care of and there is also testing to be done.

http://news.softpedia.com/news/Panel-based-Downloa...

--
mogs CClip 46
Expert Contributor 14th Feb, 2012 10:29
Symantec Warns of Microsoft Office Trojan

The exploit is being delivered in an e-mail containing a Microsoft Word document along with a .dll file.

February 13, 2012
Symantec researchers have uncovered a Trojan that targets a previously patched Microsoft Office security flaw.

"The exploit, which is being used in targeted attacks, arrives as an email that contains a Microsoft Word file and a separate DLL file, a rare combination considering DLL files are not typically sent over email," writes SC Magazine's Dan Kaplan.

"The trojan, dubbed 'Activehijack' by Symantec, takes advantage of a vulnerability rated 'important' that was patched by Microsoft in September with bulletin MS11-073," Kaplan writes.

Go to "Trojan appears that leverages patched Microsoft Office flaw" to read the details.

http://www.esecurityplanet.com/windows-security/sy...

--
mogs CClip 47
Expert Contributor 14th Feb, 2012 10:38
How to Tell if a Link Is Safe Without Clicking on It
Here's what to do with a link that looks suspicious.
By Justin Phelps, PCWorld

Even the best security software can’t protect you from the headaches you’ll encounter if you click an unsafe link. Unsafe links appear to be shortcuts to funny videos, shocking news stories, awesome deals, or “Like” buttons, but are really designed to steal your personal information or hijack your computer. Your friends can unknowingly pass on unsafe links in emails, Facebook posts, and instant messages. You’ll also encounter unsafe links in website ads and search results. Use these link-scanning tips to check suspicious links. All of these solutions are free, fast, and don’t require you to download anything.

Hover Over the Link
Sometimes a link masks the website to which it links. If you hover over a link without clicking it, you’ll notice the full URL of the link’s destination in a lower corner of your browser. For example, both of these links connect you to PCWorld’s home page, but you wouldn’t know that without hovering:

Click Here!

http://www.freerolexwatches.com/

Read more at :-
http://www.pcworld.com/article/248963/how_to_tell_...

--
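The hover check described in CClip 47, automated for a saved HTML message or page. This is an added example, not part of the original post or the PCWorld article; the verdict labels and the `example.net` link are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def normalise(host):
    """Lowercase a hostname and drop a leading 'www.' for comparison."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def host_of(text):
    """Hostname named by the visible text, or None if the text is not URL-like."""
    candidate = text.strip()
    if not candidate or " " in candidate or "." not in candidate:
        return None
    if "://" not in candidate:
        candidate = "http://" + candidate
    try:
        return urlsplit(candidate).hostname
    except ValueError:
        return None


def classify(href, text):
    """Compare where a link really goes with what the reader is shown."""
    try:
        parts = urlsplit(href)
    except ValueError:
        return "unparseable"
    if parts.scheme == "":
        return "relative"
    if parts.scheme not in ("http", "https"):
        return "other-scheme"      # javascript:, data:, mailto: ...
    if parts.username is not None:
        return "userinfo"          # text before '@' is not the destination host
    shown = host_of(text)
    if shown is None:
        return "opaque"            # label says nothing about the destination
    return "match" if normalise(shown) == normalise(parts.hostname) else "mismatch"


def audit_links(html):
    """Return (visible text, href, verdict) for each link in the HTML."""
    collector = AnchorCollector()
    collector.feed(html)
    return [(text, href, classify(href, text)) for href, text in collector.links]


# Constructed sample: the first two links mirror the article's two examples,
# which both lead to PCWorld's home page; the last two are added test cases.
SAMPLE_HTML = """
<p><a href="http://www.pcworld.com/">Click Here!</a></p>
<p><a href="http://www.pcworld.com/">http://www.freerolexwatches.com/</a></p>
<p><a href="http://www.pcworld.com/article/">www.pcworld.com</a></p>
<p><a href="http://www.pcworld.com@example.net/">PCWorld deals</a></p>
"""

if __name__ == "__main__":
    for text, href, verdict in audit_links(SAMPLE_HTML):
        print(f"{verdict:10} shown={text!r} real={href}")
```

A "mismatch" or "userinfo" verdict is the case the hover test is meant to catch; "opaque" only means the label gives no hint, so the real destination still has to be read.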
mogs CClip 48
Expert Contributor 14th Feb, 2012 12:48
Trustwave to escape 'death penalty' for SSL skeleton key

Moz likely to spare certificate-confession biz same fate as DigiNotar
By John Leyden

Posted in Enterprise Security, 14th February 2012 09:28 GMT
Analysis Trustwave's admission that it issued a digital "skeleton key" that allowed an unnamed private biz to spy on SSL-encrypted connections within its corporate network has sparked a fiery debate about trust on the internet.

Trustwave, an SSL certificate authority, confessed to supplying a subordinate root certificate as part of an information security product that allowed a customer to monitor employees' web communications - even if the staffers relied on HTTPS. Trustwave said the man-in-the-middle (MitM) gear was designed both to be tamper-proof and to work only within its unnamed client's compound. Despite these precautions, Trustwave now admits that the whole approach was misconceived and would not be repeated. In addition, it revoked the offending certificate.


Trustwave came clean without the need for pressure beforehand. Even so, its actions have split security experts and prompted calls on Mozilla's Bugzilla security list to remove the Trustwave root certificate from Firefox.

More at :-
http://www.theregister.co.uk/2012/02/14/trustwave_...

--
mogs CClip 49
Expert Contributor 14th Feb, 2012 13:14
Google is right that digital certificate revocation checking is broken, but wrong to abandon the standard

By Roger A. Grimes | InfoWorld

I'm still trying to wrap my head around Google's surprising revelation (in Google engineer Adam Langley's blog) that it will disable online certificate revocation checking in a future version of the Chrome browser. Standard across all the leading browsers, online revocation checking is the process of conducting a verification query of a certificate authority when presented with a new digital certificate tied to a particular website. Although the certificate revocation process is currently broken, as I'll explain below, Google's Chrome-only fix is problematic in a number of ways. And a much simpler fix -- for Chrome and every other browser -- is plain for all to see.

When your browser connects to an HTTPS-protected website, it will examine the digital certificate the site presents, locate the revocation link pointer embedded in the digital certificate (if it exists), then query the indicated certificate authority to determine whether the certificate has been revoked by the issuer. Common reasons for revocation include a compromise of the certificate owner's private key or just periodic certificate replacement, but a certificate can be revoked for any reason the issuer chooses. I've seen certificates revoked because the owner didn't pay the issuer in a timely manner.

Lots more to read at :-
http://www.infoworld.com/d/security/chrome-turns-i...

--
mogs CClip 50
Expert Contributor 14th Feb, 2012 16:48
FireEye warns 95 per cent of firms unable to defend against malware onslaught

Ninety five per cent of all enterprises are exposed to malware on a daily basis because the volume and sophistication of threats is outpacing their ability to counteract these risks, according to security firm FireEye.
The extent of the risk was highlighted in a new report by the firm, based on its analysis of incidents at its global customers which have evaded traditional defences.
The report also underlined the growing threat posed by the malware-as-a-service industry, where crooks hire out networks of infected computers.
“What's happening is a segregation of the malware market, where someone else will invest in infecting machines, and someone else will look to rent this for whatever means they see as most profitable,” James Todd, European technical head at FireEye told V3.
In the second half of 2011, so called pay per install malware was the fastest growing category of malware identified.
Furthermore, the proliferation of zero-day attacks, targeted at vulnerabilities for which there is no security patch, is exposing enterprise data to significant risk of being compromised, said Todd.

More at :-
http://www.v3.co.uk/v3-uk/news/2152305/fireeye-war...

--
mogs CClip 51
Expert Contributor 14th Feb, 2012 16:53
Twitter boosts website security with secure sign-on as default upgrade
by Gareth Morgan

Twitter's website security received a boost on Monday after the firm announced that it will use encryption by default when users sign into the micro-blogging website.
Last year, Twitter introduced the option to sign in via the HTTPS protocol, which ensures that log-on data is encrypted. Now Twitter is making HTTPS the default setting for users – although those that wish to can turn it off in their account settings.

More at :-
http://www.v3.co.uk/v3-uk/news/2152338/twitter-boo...

--
mogs CClip 52
Expert Contributor 14th Feb, 2012 17:07
Cryptome whistleblower site reports hack
Someone has compromised the free-speech, anti-surveillance repository Cryptome.org and hid malware on the site that infected web surfers over the weekend, Cryptome.org reported.

A malicious PHP file was added to the site on Wednesday and a new directory was created that logged nearly 3,000 IP addresses between Wednesday and Sunday, according to a post on the site on Monday.

The Cryptome post said thousands of HTML files in the site's main directory were found to be contaminated with a malicious script that appeared to download exploits from the Blackhole Toolkit "that may compromise a computer through various vendor vulnerabilities", according to a Symantec description of the attack. This affects Windows platforms, Symantec says. Symantec had offered to investigate the hack, Cryptome.org added.

Meanwhile, Cryptome.org's post said the site was expected to be cleaned up by the end of Monday.

http://www.zdnet.co.uk/news/security-threats/2012/...

--
mogs CClip 53
Expert Contributor 14th Feb, 2012 18:36
Dutch KPN Hacked, Email Services Suspended

KPN, a Dutch Internet service provider that has around two million account holders, discovered a data breach that affected their systems in January, but decided to keep everything a secret during the time in which the incident was being investigated.


Anonymous hackers took credit for the breach and even published a Pastebin file that contained the credentials of 500 customers to prove that they managed to gain access.

According to Sophos, KPN stated that the attackers gained access to core routers in the ISP's systems through vulnerable servers, but unfortunately, it seems that the company isn’t handling the incident too well.

On January 28, when the breach was discovered, after consultations with law enforcement and Dutch government agencies, the firm decided to keep everything a secret, allegedly to allow them to monitor the attacker’s moves.

More at :-
http://news.softpedia.com/news/Dutch-KPN-Hacked-Em...

--
mogs CClip 54
Expert Contributor 14th Feb, 2012 21:34
Software industry slammed for poor patching practice

Vendors are failing to help IT departments effectively patch vulnerabilities, as 2011 marked another low point for the software industry, according to a security company's report.

Too few vendors are being proactive in promoting patching and easing the burden for IT managers, Thomas Kristensen, chief security officer at Secunia, told IT Pro.

“Vendors in general should improve their communication to customers and the patch distribution mechanism (for consumers that would imply auto updating),” Kristensen said.

His comments came as Secunia’s annual patch report found none of the top 20 software providers, including tech giants like Apple, Microsoft and Google, were able to cut the number of flaws in their products over the past five years.

Despite massive security investments by the industry, vulnerabilities are still rising and increasing manifold.
Secunia slammed the software industry for remaining in “static mode.”

Vulnerabilities affecting typical end-points more than tripled to over 800. Over three-quarters of these were found in third-party, non-Microsoft programs, debunking the myth that the Redmond giant's products are responsible for many security holes within organisations.

More at :-
http://www.itpro.co.uk/638860/software-industry-sl...

--
mogs CClip 55
Expert Contributor 15th Feb, 2012 08:44
avast! 7 Free Public Beta Review

Avast products need no introduction, as reaching the 190 million registered users mark, touted in a press release at the end of January, speaks volumes of its popularity. Out of these, 149 million are active. The same document shows that last year the user base grew by 49 million registrants.

The new version, though a public beta at the moment, boasts impressive progress both in terms of functionality as well as performance and versatility. Also, despite the fact that this is the free edition of the product, and components like firewall, anti-spam or process virtualization are left out, it continues to remain one of the most feature-rich anti-malware solutions on the market.

With this release comes a new installer, but the procedure is not much different from what we’ve seen in the previous builds. However, the new elements are noticeable right from the start, as this time around you can choose to install the application as a second line of defense by choosing “Compatible Install.”

The interface has been modified, but there is nothing too radical about the new looks, as they preserve the same layout as in the previous version. However, the recommendations to upgrade to Internet Security edition are now more obvious than ever.

On the same note, avast! Market is close by, offering avast!-branded products for backing up your data (25GB/1 year), crashed PC restoration (rescue disk) or for safekeeping passwords. Most of these are available with a $/€8.40 discount, but for Internet Security you get a $/€33.61 price cut.

Much more to read at :-
http://www.softpedia.com/reviews/windows/avast-Fre...

--
mogs CClip 56
Expert Contributor 15th Feb, 2012 09:05
Mozilla outlines Firefox roadmap for 2012

Needs more than just quickfire releases
By Lawrence Latif
Tue Feb 14 2012, 17:39
OPEN SOURCE software outfit Mozilla has outlined its Firefox roadmap for 2012 by saying in effect that it wants to catch up with Google's Chrome.
Mozilla's Firefox web browser was once the answer for those who wanted to get away from Microsoft's shoddy and languishing Internet Explorer web browser. In the last two years however, Google's Chrome has seemingly come from nowhere to steal some of Firefox's thunder and it seems Mozilla wants to regain its position as the top web browser by implementing features that are already in Chrome.
In Mozilla's roadmap the outfit said Firefox for the desktop will have features such as synchronising add-ons and silent update, both features present in Chrome. Perhaps recognising the competition, Mozilla will even offer migration for Chrome users moving to Firefox.
Apart from trying to compete directly with Chrome, Mozilla aims to improve add-on compatibility and developer tools, speed up session restore and produce a 'proof of concept' for the Windows 8 Metro interface.

More to read at :-
http://www.theinquirer.net/inquirer/news/2152463/m...

--
mogs CClip 57
Expert Contributor 15th Feb, 2012 10:48
Dev Channel Update
Tuesday, February 14, 2012 | 17:16
Labels: Dev updates
The Dev channel has been updated to 19.0.1041.0 for Windows, Mac, Linux and Chrome Frame. This build contains the following stability and bug fixes:

Make speech input bubble borders close with the bubble [Issue: 112194]
Fixed stability issues [Issues: 113531, 113492, 113654, 113546, 113847, 114011]

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome


--
mogs CClip 58
Expert Contributor 15th Feb, 2012 11:00
STRATFOR Customers Targeted with Malware

E-mails warning of malicious attachments include a link that delivers a variant of the ZBot Trojan.

Microsoft is warning that customers of STRATFOR are still being targeted by malicious spam.

"The messages themselves, ironically enough, are warnings that advise those impacted by the breach to avoid these exact types of scams," writes The Tech Herald's Steve Ragan. "The messages arrive with a PDF attachment, named simply 'stratfor.pdf.' Once opened, the PDF displays a letter discouraging the reader from opening emails and attachments from 'doubtful senders' and encourages them to 'check all e-mails and attachments with antivirus.'"

"The message is mostly harmless at this point, aside from the link to download the anti-virus software," Ragan writes. "The link itself points to either a server in Turkey or Poland, and serves a variant of the ZBot Trojan, which will siphon off personal information including passwords and financial details."

Go to "Stratfor customers plagued by malicious emails" to read the details.

http://www.esecurityplanet.com/malware/stratfor-cu...

--
mogs CClip 59
Expert Contributor 15th Feb, 2012 11:04
Last edited on 15th Feb, 2012 21:15
Adobe Patches Critical Shockwave Vulnerabilities

The flaws affect Adobe Shockwave Player 11.6.3.633 and earlier, for both Mac and Windows.

Adobe has released a Shockwave Player update that patches at least nine critical security flaws.

"According to an advisory from Adobe, the flaws affect Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems," writes ZDNet's Ryan Naraine.

"'These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634,' the company said," Naraine writes.

Go to "Adobe plugs critical holes in Shockwave Player" to read the details.

http://www.esecurityplanet.com/patches/adobe-patch...

--
mogs CClip 60
Expert Contributor 15th Feb, 2012 21:18

Mozilla to ask certificate authorities to revoke SSL-spying certificates
Mozilla's planned grace period for man-in-the-middle sub-CA certificate revocations could pose issues

By Lucian Constantin

IDG News Service - Mozilla plans to ask all certificate authorities to review their subordinate CA certificates and revoke those that could be used by companies to inspect SSL-encrypted traffic for domain names they don't control.

The plan, whose details are still being worked out, is Mozilla's response to Trustwave's recent claim that the use of such certificates for SSL (Secure Sockets Layer) traffic management within corporate networks is a common practice.

After a week of debating whether to punish Trustwave for violating its CA Certificate Policy, Mozilla has decided to send a communication to all certificate authorities asking that they come clean about similar certificates and to revoke them.

"My intent is to make it clear that this type of behavior will not be tolerated for subCAs chaining to roots in NSS [Mozilla's Network Security Services], give all CAs fair warning and a grace period, and state the consequences if such behavior is found after that grace period," said Kathleen Wilson, the owner of Mozilla's CA Certificates Module, in an entry on Bugzilla.

More at :-
http://www.computerworld.com/s/article/9224249/Moz...

--
mogs CClip 61
Expert Contributor 15th Feb, 2012 21:22
Chrome Stable Update
Wednesday, February 15, 2012 | 12:00
Labels: Stable updates
The Chrome Stable channel has been updated to 17.0.963.56 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash. More info on the Flash update is available from Adobe.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

http://googlechromereleases.blogspot.com/

--
mogs CClip 62
Expert Contributor 15th Feb, 2012 21:30
Crypto experts call RSA certificates flawed
Researchers analyzed millions of X.509 public-key certificates and found a shockingly high frequency of duplicate RSA-moduli keys.

By Ellen Messmer

Cryptography researchers collected millions of X.509 public-key certificates that are publicly available over the web and found what they say is a shockingly high frequency of duplicate RSA-moduli keys.

"We performed a sanity check of public keys collected on the web,” the researchers state in their paper, published today and titled "Ron was wrong, Whit is right." The researchers, who include Arjen Lenstra, James Hughes, Maxime Augier, Joppe Bos, Thorsten Kleinjung and Christophe Wachter, note in the paper that they found a shockingly high number of duplicate secret keys in what is supposed to be unique random-number generation in RSA-based moduli.

The researchers said in an examination of 6.4 million distinct X.509 certificates and PGP keys containing RSA moduli, 71,052 (1 percent) occur more than once, some of them thousands of times. "Overall, over the data we collected, 1024-bit RSA provides 99.8 percent security at best," the paper states.

"More seriously, we stumbled upon 12,720 different 1024-bit RSA moduli that offer no security," the researchers say in their paper. "Their secret keys are accessible to anyone who takes the trouble to redo our work."

The researchers summarized their findings by saying, "We find the vast majority of public keys work as intended. A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security."

More at :-
http://www.infoworld.com/d/security/crypto-experts...

--
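A key-hygiene audit in the spirit of the sanity check reported in CClip 62, for an inventory of your own certificates. This is an added example, not the researchers' code and not part of the original post: the host names and toy moduli are constructed, the input format assumes the `Modulus=<hex>` line printed by `openssl x509 -noout -modulus`, and the shared-prime test goes beyond the duplicate moduli the clip describes.

```python
from collections import defaultdict
from math import gcd


def parse_modulus(line):
    """Parse one 'Modulus=<hex>' line into an integer."""
    prefix, _, hex_digits = line.strip().partition("=")
    if prefix != "Modulus" or not hex_digits:
        raise ValueError("expected 'Modulus=<hex>', got %r" % line)
    return int(hex_digits, 16)


def audit_moduli(inventory):
    """Audit a {host name: 'Modulus=<hex>'} inventory of RSA public keys.

    Reports hosts whose moduli are identical, hosts whose moduli share a
    prime factor with another modulus, and hosts with neither problem.
    """
    by_modulus = defaultdict(list)
    for name, line in inventory.items():
        by_modulus[parse_modulus(line)].append(name)

    # Identical modulus on more than one host: the private key is shared.
    duplicate_groups = sorted(
        sorted(names) for names in by_modulus.values() if len(names) > 1
    )

    # Two different moduli with a common divisor > 1 were generated with a
    # repeated prime, so neither key can be trusted. Pairwise comparison is
    # quadratic, which is fine for one organisation's inventory.
    distinct = list(by_modulus)
    shared = set()
    for i, a in enumerate(distinct):
        for b in distinct[i + 1:]:
            if gcd(a, b) > 1:
                shared.update(by_modulus[a])
                shared.update(by_modulus[b])

    flagged = shared.union(*duplicate_groups)
    return {
        "duplicate_groups": duplicate_groups,
        "shared_prime": sorted(shared),
        "clean": sorted(set(inventory) - flagged),
    }


def _toy_line(p, q):
    """Format a constructed toy modulus the way openssl prints it."""
    return "Modulus=%X" % (p * q)


# Constructed sample: tiny primes so the example runs instantly. Real RSA
# moduli are 2048 bits or more; the logic is the same.
P1, P2, P3, P4, P5, P6 = 1000003, 1000033, 1000037, 1000039, 1000081, 1000099
SAMPLE_INVENTORY = {
    "web-01": _toy_line(P1, P2),
    "web-02": _toy_line(P1, P2),   # same modulus as web-01
    "vpn-gw": _toy_line(P1, P3),   # shares P1 with the web hosts
    "printer": _toy_line(P3, P6),  # shares P3 with vpn-gw
    "mail": _toy_line(P4, P5),     # unrelated key
}

if __name__ == "__main__":
    for finding, hosts in audit_moduli(SAMPLE_INVENTORY).items():
        print(finding, hosts)
```

Any host listed under `duplicate_groups` or `shared_prime` needs a fresh key pair generated on a system with a properly seeded random number generator, and its old certificate revoked.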
mogs CClip 63
Expert Contributor 15th Feb, 2012 21:35
New Trojan Using Microsoft Office Exploit Found in the Wild

Written by Ravi Mandalia
15 February, 2012

Symantec has detected a Trojan which targets an already patched Microsoft Office security flaw. This Trojan is delivered via an e-mail which contains a Microsoft Word document and a .dll (Dynamic Link Library) file.

The moment a user opens the email that user's system would be infected with the Trojan. In an official Symantec blog, Takayoshi Nakayama, a researcher at Symantec, stated that the exploiter has utilised an ActiveX control that has been embedded in the Word document and further stated "When the Word document is opened, the ActiveX control calls fputlsat.dll which has the identical file name as the legitimate .dll file used for the Microsoft Office FrontPage Client Utility Library."


According to the researcher, once the flaw is exploited successfully by the attacker, malware is dropped onto the system. The researcher has warned that anyone receiving an email with an attachment containing 'fputlsat.dll' should be extra careful.



Read more: http://www.itproportal.com/2012/02/15/new-trojan-u...

--
mogs CClip 64
Expert Contributor 15th Feb, 2012 21:42
Google.com Appointed as Malware by Microsoft Security Essentials

Users who protect their computers using Microsoft’s Security Essentials were alarmed by a warning message that claimed google.com was infected with a piece of malware called Exploit:JS.Blacole.BW, or better known as the Blackhole Exploit Kit.


According to Brian Krebs, the security solution started naming the world’s most popular search engine as being malicious after Microsoft released the February 2012 security updates.

“The alerts appear to be the result of a ‘false positive’ detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free ‘Security Essentials’ antivirus software,” Krebs said.

Microsoft support forums were becoming flooded with concerned and annoyed customers who didn’t know what to make of the detection. All of them claimed that everything started after they installed the latest security update provided by the Redmond company.

A few hours later, Microsoft representatives responded to the inquiry of a customer to say that they were investigating the issue.

More at :-
http://news.softpedia.com/news/Google-com-Appointe...

--
mogs CClip 65
Expert Contributor 16th Feb, 2012 09:29
Royal Philips Electronics Hit by Security Breach

The compromised server was shut down within an hour after employees discovered the breach.

February 15, 2012
Royal Philips Electronics has reported that it experienced a "possible security event" affecting part of its Web site on Monday.

"The compromised server was shut down within an hour of Philips employees discovering the breach, the company said," writes PCWorld's Grant Gross.

"'We are currently assessing the nature and extent of information that may have been accessed and a full investigation is in place,' the company said in a statement," Gross writes.

Go to "Royal Philips Electronics Reports Web Security Breach" to read the details.

http://www.esecurityplanet.com/network-security/ro...

--
mogs CClip 66
Expert Contributor 16th Feb, 2012 15:55
Last edited on 16th Feb, 2012 16:00
Beta Channel Update
Wednesday, February 15, 2012 | 17:18
Labels: Beta updates
The Beta channel has been updated to 18.0.1025.33 for (All|Windows|Mac|Linux|ChromeFrame) platforms

All
Updated V8 - 3.8.9.6
Fixed several crashes (Issues: 110943, 110234, 110176, 108986)
Sync: Conflicting sync entries should not be committed (Issue: 82236)
Back button frequently hangs (Issue: 93427)
Fixed Speech input bubble borders not closing (Issues: 98323, 112194)
Improved the quality of the omnibox
Mac
Fixed Gap between download shelf and vertical scrollbar (Issue: 111266)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 67
Expert Contributor 16th Feb, 2012 16:04

The next-generation IPv6 internet is now suffering distributed denial-of-service attacks, and is struggling to combat the threat, according to a new study.


[Image caption: A study has found that the IPv6 internet is now experiencing DDoS attacks, although only four percent of survey respondents reported seeing them. Image credit: Arbor Networks]

"This is a significant milestone in the arms race between attackers and defenders," Arbor Networks said in its latest annual study on the internet's operational security, released on Wednesday. "We believe that the scope and prevalence of IPv6 DDoS attacks will gradually increase over time as IPv6 is more widely deployed."

Only four percent of survey respondents reported seeing IPv6 DDoS attacks. However, Arbor reported two problems that make IPv6 particularly vulnerable. First, with the relatively immature network infrastructure, many network operators do not have the ability to scrutinise network traffic well enough to distinguish DDoS attacks from benign traffic. Second, gateways that link IPv4 and IPv6 must store lots of 'state' information about the network traffic they handle, and that essentially makes them more brittle.

http://www.zdnet.co.uk/news/security-threats/2012/...

--
mogs CClip 68
Expert Contributor 16th Feb, 2012 16:09
Chrome 17.0.963.56 Released to Address 7 High Risk Vulnerabilities

The latest stable version of the popular Google Chrome web browser has been updated to the 17.0.963.56 version to address a total of 13 security holes, 7 of which were considered to be high risk.


These high-risk vulnerabilities include an integer overflow in PDF codecs, a possible use-after-free in database handling, a heap overflow in path rendering, a heap buffer overflow in MKV handling, a use-after-free issue in subframe loading, an integer overflow in libpng, and a bad cast in column handling.

The individuals who contributed to these findings were awarded a total of $5,337 (3,735 EUR).

The identification of the 5 medium severity vulnerabilities was rewarded by Google with $1,500 (1050 EUR). These weaknesses include a read-after-free with counter nodes, a native client validator error, the inappropriate use of HTTP for translation scripts, a use-after-free issue with drag and drop, and an out-of-bounds read in h.264 parsing.

The low-risk security hole identified by chrometot refers to a browser crash with empty x509 certificates.

Other contributors include Jüri Aedla, Sławomir Błażek, pa_kt, Arthur Gerkis, Aki Helin of OUSPG, and miaubiz. Scarybeasts from the Google Chrome Security Team, and Mateusz Jurczyk of the Google Security Team also contributed.

Chrome 17.0.963.56 for Windows, Mac, Linux and Chrome Frame also includes a new version of Flash, released to address a number of vulnerabilities, including a cross-site scripting (XSS) flaw that is currently being exploited.

http://news.softpedia.com/news/Chrome-17-0-963-56-...


--
mogs CClip 69
Expert Contributor 16th Feb, 2012 16:12
Anonymous Wants Internet Blackout, Targets 13 "Root" DNS Servers

A Pastebin post, allegedly published a few days ago by members of Anonymous, reveals the hacktivists’ intentions to shut down the Internet on March 31 by going after “the 13 root DNS servers of the Internet.”


While many may argue that this is a hard to accomplish task, it seems as if the plan is already laid out. A number of 13 IP addresses are listed, which allegedly belong to the 13 DNS servers.

The initiators of this attack, part of Operation Global Blackout, are aware of the fact that the Internet can’t be simply unplugged, but they’re confident that the sites to suffer as a result of this outage will draw enough attention to their cause.

“By cutting these off the Internet, nobody will be able to perform a domain name lookup, thus, disabling the HTTP Internet, which is, after all, the most widely used function of the Web,” the hackers write.

More at :-
http://news.softpedia.com/news/Anonymous-Wants-Int...

--
mogs CClip 70
Expert Contributor 16th Feb, 2012 16:16

Hackers Exploit Flash Player Vulnerability, Adobe Responds

A zero-day vulnerability that exists in Adobe Flash Player 11.1.102.55 and earlier for Windows is currently being exploited by cybercriminals who social engineer users into clicking on malicious links sent via email. In response to the flaw that apparently affects only Internet Explorer customers, Adobe released Flash Player 11.1.102.62.


The zero-day is actually a cross-site scripting (XSS) vulnerability that can be utilized to perform actions on a user’s behalf on any site. This attack is successful only if the potential victim can be tricked into clicking on the cleverly designed link, but as practice shows, this is not a hard task for most cybercrooks.

Besides the XSS problem, six other vulnerabilities were identified not only affecting customers of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Mac, Solaris and Linux users, but also some Android users.

More at :-
http://news.softpedia.com/news/Hackers-Exploit-Fla...

--
mogs CClip 71
Expert Contributor 17th Feb, 2012 09:16

Life after death trick could be exploited by cyber-crooks
By John Leyden
Posted in Security, 16th February 2012 19:01 GMT

Analysis Cyber-crooks may be able to keep malicious domains operating for longer - even after they are revoked - by manipulating the web's Domain Name System (DNS).

A weakness in the cache update logic of many widely used DNS servers creates the potential to establish so-called ghost domains, according to a recent joint study by a team of researchers from universities in China and the US. These DNS servers are critical to the running of the internet: they convert human-readable domains into numeric addresses that networking kit can understand in order to route, say, page requests to the right websites.


In their paper Ghost Domain Names: Revoked Yet Still Resolvable, the researchers – Jian Jiang, Jinjin Liang, Kang Li, Jun Li, Haixin Duan and Jianping Wu – explain:

Attackers often use domain names for various malicious purposes such as phishing, botnet command and control, and malware propagation. An obvious strategy for preventing these activities is deleting the malicious domain from the upper level DNS servers.
In this paper, we show that this is insufficient. We demonstrate a vulnerability affecting the large majority of popular DNS implementations which allows a malicious domain name to stay resolvable long after it has been removed from the upper level servers.

Read more at :-
http://www.theregister.co.uk/2012/02/16/ghost_doma...

--
mogs CClip 72
Expert Contributor 17th Feb, 2012 11:06
Salesforce's Vivek Kundra argues that more information needs to be shared about cyber threats worldwide
By Hamish Barwick | Computerworld Australia | 17 February 12

The formation of a global cyber security group similar to the World Health Organisation (WHO) is required in order to share vital information, according to former United States Federal Government chief information officer, Vivek Kundra.

Speaking at the Australian Information Industry Association (AIIA) Summit in Canberra, Kundra, who is now executive vice-president of emerging markets for Salesforce.com, said the proposal came as a result of trying to securely manage 2094 data centres during his CIO tenure at the White House.

"In the context of federal [government] systems, we realised that with 2094 data centres we were not very secure," Kundra said. "The fragmented infrastructure and uneven talent distribution in terms of managing those data centres was creating vulnerabilities."

Another problem Kundra faced was US government officials sometimes believing that because they owned and operated the system, they were more secure. "If you think about national security, our [US] command and control infrastructures have been under attack since the days of the Pony Express," he said.

More to read at :-
http://www.pcadvisor.co.uk/news/security/3338231/w...

--
mogs CClip 73
Expert Contributor 17th Feb, 2012 12:21
How to Block Websites
Blocking all users of a Windows PC from opening certain websites--no matter what browser they use or what time of day they are online--is easy if you follow this guide to tweaking your browser and router.
By Justin Phelps, PCWorld

Want to block all users of a Windows PC from opening certain websites, regardless of the browser they use or the time of day? You need only make a few simple additions to the Windows hosts file. This method is straightforward and free, and it doesn’t require you to download or install any additional software. It's an effective method for restricting users of all ages from seeing the content you don’t want them to access.

Read more at :-
http://www.pcworld.com/article/249077/how_to_block...

--
mogs CClip 74
Expert Contributor 17th Feb, 2012 15:46

RSA brushes off crypto research findings that RSA algorithm is flawed
RSA says researchers' results don't indicate a fundamental flaw in the RSA algorithm but more likely a problem with implementing it

By Ellen Messmer | Network World


After having its flagship RSA crypto system called flawed this week by prominent researchers in a paper they made available online, EMC's RSA security division struck back by saying the paper's results don't indicate a fundamental flaw in the RSA algorithm but more likely a problem with implementing it.

"On Feb. 14th, a research paper was submitted for publication stating that an alleged flaw has been found in the RSA encryption algorithm," RSA said Thursday in a statement. "Our analysis confirms to us that the data does not point to a flaw in the algorithm, but instead points to the importance of proper implementation, especially regarding the exploding number of embedded devices that are connected to the Internet today."

Ari Juels, chief scientist for RSA, told Network World that "the study is useful" as it pertains to the "failures of crypto protocols during random-number generation." But he faults its core idea that the RSA algorithm is somehow fundamentally flawed.

More at :-
http://www.infoworld.com/d/security/rsa-brushes-cr...

--
mogs CClip 75
Expert Contributor 17th Feb, 2012 15:53

Memory Corruption Vulnerability Found in Skype 5.6.59.x

Vulnerability Lab researchers identified a high risk memory corruption flaw that affects the 5.6.59.x versions of the popular messaging applications. By exploiting this flaw, an attacker could remotely crash a computer that’s running Windows 7 simply by sending a file from a Linux client.


The experts demonstrated this vulnerability, found in the file transfer module, by sending a file from Skype v2.2.0.35 Beta for Linux to a contact that was running Skype 5.6.59.10 on a Windows 7 x64 operating system. This transfer resulted in a stable memory corruption on the Windows client side.

More at :-
http://news.softpedia.com/news/Memory-Corruption-V...

--
mogs CClip 76
Expert Contributor 17th Feb, 2012 19:52

Microsoft collects measurements to speed up Internet Explorer

Could save time by downloading Chrome or Firefox

SOFTWARE REDEVELOPER Microsoft is taking 5.7 million measurements a day to help it make Internet Explorer the fastest web browser on the market.
Microsoft had been panned for its years of neglect of the Internet Explorer web browser and letting it become a security nightmare. In an attempt to show how seriously it takes Internet Explorer development today, Microsoft said it is running round-the-clock tests in its Internet Explorer Performance Lab as it rather belatedly tries to make its browser the fastest on the market.
For Microsoft, Internet Explorer is one of the firm's major consumer facing applications and with rival outfits Google and Mozilla promoting faster web browsing, Microsoft knows it can't be left behind again. The firm claims to measure Internet Explorer's performance loading content and web applications through pseudo real-world testing down to the nanosecond level.
Microsoft's Internet Explorer Performance Lab uses over 120 machines of varying hardware specifications to try to resolve Internet Explorer's performance issues. Curiously Microsoft decided not to connect these machines to the internet but to its own managed network, where it tries to simulate different connections, effectively creating a little version of the internet.
There's little doubt Microsoft is taking Internet Explorer performance seriously. Its considerable resources should mean it can outspend some of its rivals, however with Mozilla's Firefox and Google's Chrome eating up Internet Explorer's market share, all this testing is perhaps five years too late.

http://www.theinquirer.net/inquirer/news/2153328/m...

--
mogs CClip 77
Expert Contributor 17th Feb, 2012 19:57
Malware Spreads as Microsoft Silverlight Content Sent by Facebook

Researchers from Barracuda Labs discovered a series of malicious emails that allegedly come from Facebook and bear an attachment that’s allegedly available only if Microsoft Silverlight is installed.

The phony message claims that the user’s account information “has been changed,” but provides no other details, except for a large image that urges the recipient to install Silverlight.


Once the image link is clicked, the victim is served a .pif file from a server located in Malaysia. If run, the pif file, which is similar to executable files, drops a payload identified as Trojan.Win32.Jorik.

Since the entire process is similar to the one in which the legitimate Silverlight is downloaded and installed, the victim may not be aware of the fact that in reality he/she downloaded a keylogger that is designed to steal all the usernames and passwords utilized in web pages and applications.

More at :-
http://news.softpedia.com/news/Malware-Spreads-as-...

--
mogs CClip 78
Expert Contributor 17th Feb, 2012 22:45
From earlier in the week...........more info :-
Microsoft Mistakenly Claims Google Home Page Infected With Blackhole


Microsoft quickly updated its security tools after users reported seeing warnings that Google's home page was infected with the Blackhole exploit kit.

Microsoft's Forefront corporate security products and the consumer-focused Security Essentials anti-malware software were updated Feb. 14, shortly after the company announced nine bulletins for its scheduled Patch Tuesday release. Corporate users trying to access Google's home page through the Forefront TMG proxy were warned that the search page was infected, Manuel Humberto Santander Pelaez wrote on the SANS Institute's Internet Storm Center Diary.

"Access to the requested file is blocked due to a detected infection," the message said, before identifying the infection as Exploit:JS/Blacole.BW.

Pelaez analyzed the packets and was unable to find anything wrong. Security writer Brian Krebs saw a similar warning on a Windows XP machine running Microsoft Security Essentials. Microsoft's Technet support forums were full of questions from concerned users and administrators.

"For whatever reason, Microsoft's security software thought Google's home page was infected with a Blackhole Exploit Kit," Krebs wrote.

The Blackhole exploit kit is a popular attack kit used to compromise legitimate Websites and direct users to malicious portals that download more malware, steal data or perform other nefarious acts. The kit is regularly updated with new exploits and can be used to launch attacks targeting vulnerabilities in Java, Adobe and Microsoft products.

Leak repository Cryptome disclosed it had recently been infected with Blackhole and may have redirected about 2,900 visitors to malicious sites. The kit was the source of about 95 percent of all malicious links identified by M86 researchers between July and December 2011.

False positives happen with security products, and Microsoft was able to push out a new update within four hours to fix the problem.

"Microsoft AV team is removing the detection from Signature. 1.119.1986.0 or higher will contain this change," Microsoft Support said.

As false positives go, this was a minor one, as the security tool did not try to remove or modify files in order to clean up the perceived threat. If the user clicked on the "remove" option to clean the infection, the software reported that it was unable to find the threat, according to Krebs.

Interestingly enough, it appears that the false positive was detected when users landed on the Google home page using the Internet Explorer Web browser or actually performed a search using Mozilla Firefox. Google Chrome or Safari users did not appear to have seen the warning. Some users on Technet reported seeing warnings on any site using Google Adwords or Google Analytics.

http://securitywatch.eweek.com/microsoft/microsoft...

--
mogs CClip 79
Expert Contributor 18th Feb, 2012 21:34

The lowdown on Google's Safari tracking cookies
By Brad Reed
February 17, 2012
Network World - A grad student has caught Google with its hand in the cookies jar.

Jonathan Mayer, a graduate student at Stanford, caused a major stir this morning when he published research showing how Google used loopholes within Apple's Safari browser cookie-blocking policy to place unexpected third-party cookies within the browser. In this article we'll detail Mayer's findings and their implications for Safari users.

What are cookies and why should I care?

For the uninitiated, cookies are HTTP headers that are used by websites to track users' behavior when visiting their sites. Some cookies, however, are not used by first-party websites that the user is visiting but by third-party websites such as advertisers who happen to have links embedded onto the website the user is visiting. Apple's cookie-blocking technology is intended to block the cookies employed by these third-party sites so that users don't find themselves tracked by every single advertiser they come across on the Web. What's more, Apple enables cookie blocking on its Safari browser as a default setting, meaning that Safari users have typically felt comfortable browsing the Web without fear of being tracked by third-party cookies.

So what has Google done to circumvent Safari's protections?

Read more at :-
http://www.computerworld.com/s/article/9224376/The...

--
mogs CClip 80
Expert Contributor 18th Feb, 2012 21:43
FBI to Take Out Internet on March 8?

Written by
Ravi Mandalia

18 February, 2012

The Federal Bureau of Investigation is reportedly planning to temporarily shut down a number of domain name servers on the coming March 8, thus restricting web access to millions of computers worldwide.

Apparently, the action will be taken by the FBI to engage and nullify a threat named DNSChanger Trojan, known for its ability to alter the DNS settings in the victims' computers, and thus forcing them to visit certain unsavoury sites.

DNSChanger Trojan was allegedly designed and unleashed in the webspace by six Estonian nationals who were later apprehended by the country's authorities last year. The malware spread rather quickly and infected computer systems in over 100 countries.

According to reports, half a million computers have already been infected by the malware in the US alone, thus forcing the FBI to take this decisive step in order to tackle the issue once and for all.



Read more: http://www.itproportal.com/2012/02/18/fbi-to-take-...

--
mogs CClip 81
Expert Contributor 18th Feb, 2012 21:53

Google bristles at reports of Safari privacy violations
by Shaun Nichols


Google is speaking out in the wake of a report that the company's search engine bypasses privacy protections in Apple's Safari browser.
The Wall Street Journal cited a Stanford University researcher in reporting that the company was ignoring settings on Safari intended to block tracking tools. Google platforms were reportedly able to log user activity on both the OS X and iOS versions of the browser.

The paper reported that after it contacted Google, the company disabled the offending components.
Google, however, is claiming that the report "mischaracterises" the issue. In a statement provided to V3, Google senior vice president of communications and public policy Rachel Whetstone said that the code was used to provide services for users who had logged into their Google accounts.
"To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization," Whetstone said.
"But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous, effectively creating a barrier between their personal information and the web content they browse."
What the company did not intend to enable, however, was the use of cookies by third party advertisers. Google said that the cookies were not collecting personal information and that it would be removing the cookies from affected systems.

More at :-
http://www.v3.co.uk/v3-uk/news/2153458/google-bris...

--
mogs CClip 82
Expert Contributor 20th Feb, 2012 10:45
Truth About the March 8 Internet Doomsday
While it's true some users may lose their Internet access next month, it's not the FBI's fault
By Christina DesMarais | PC World | 20 February 12

Heard the one about the FBI shutting down the Internet next month?

Like many memes before it, this dire warning is floating around blogs and sites. It even names a date: March 8 as the day the FBI might "shut down the Internet." But relax, that's not really the case.

While yes, an untold number of people may lose their Internet connection in less than three weeks, if they do they only have nefarious web criminals to blame and certainly not the FBI.

If people end up in the dark on March 8 it's because they're still infected with the malware the FBI started warning people about last November when it shut down a long-standing Estonian Web traffic hijacking operation that controlled people's computers using a family of DNSChanger viruses. The malware works by replacing the DNS (Domain Name System) servers defined on a victim's computer with fraudulent servers operated by the criminals. As a result, visitors are unknowingly redirected to websites that distributed fraudulent software or displayed ads that put money into the bad guys' pockets.

More at :-
http://www.pcadvisor.co.uk/news/security/3338622/t...

--
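The two posts on the March 8 cut-off (CClip 80 and CClip 82) describe DNSChanger as replacing the DNS servers configured on a computer. As an added example, not part of the quoted articles or of any FBI tool, this Python check extracts the configured resolvers from `ipconfig /all` or `resolv.conf` text and flags any that fall inside a rogue range. The ranges are placeholder documentation networks, and the function names and sample text are constructed for illustration.

```python
"""Flag configured DNS resolvers that fall inside a list of rogue address ranges."""
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation networks), NOT real indicators.
# Replace them with the rogue-resolver ranges published for DNSChanger.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def resolvers_from_ipconfig(text):
    """Extract IPv4 DNS servers from `ipconfig /all` output.

    The first server shares a line with the "DNS Servers" label; further
    servers follow on indented lines that carry no label (and no colon).
    """
    servers, in_dns_block = [], False
    for line in text.splitlines():
        if re.match(r"\s*DNS Servers[ .]*:", line):
            in_dns_block = True
            servers += _IPV4.findall(line.split(":", 1)[1])
        elif in_dns_block and ":" not in line and _IPV4.search(line):
            servers += _IPV4.findall(line)
        else:
            in_dns_block = False
    return servers


def resolvers_from_resolv_conf(text):
    """Extract `nameserver` entries from resolv.conf text, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(servers, rogue_ranges=ROGUE_RANGES):
    """Return (server, status, matched_range) for each configured resolver."""
    findings = []
    for raw in servers:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((raw, "unparseable", None))
            continue
        hit = next(
            (net for net in rogue_ranges
             if net.version == addr.version and addr in net),
            None,
        )
        findings.append((raw, "rogue" if hit else "ok", str(hit) if hit else None))
    return findings


# Constructed sample inputs (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 198.51.100.200   # outside the placeholder /25
nameserver 198.51.100.7
search example.test
"""

if __name__ == "__main__":
    for source, servers in (
        ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG)),
        ("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
    ):
        for server, status, net in audit_resolvers(servers):
            print(f"{source:12} {server:18} {status:12} {net or ''}")
```

A host whose resolvers come back `rogue` still needs a malware scan after the DNS settings are corrected, since the check only reads configuration.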
mogs CClip 83
Expert Contributor 20th Feb, 2012 11:20
Web Tracking: Is this a Big Deal?
Web tracking companies say anonymous tracking is harmless. What's the real story? Here are two scenarios where online tracking can come back to bite you.
By Dan Tynan, ITworld

You might say TY4NS has a one-track mind these days. Today’s topic: How bad is online tracking, really?

The harm from having your movements tracked across the Web depends in part on how anonymous this data really is. For example, the Ghostery folks put together a clever Periodic Table of the most common 100 Web trackers, using data from its GhostRank surveys.

See/read more at :-
http://www.pcworld.com/article/250277/web_tracking...

--
mogs CClip 84
Expert Contributor 20th Feb, 2012 15:10

By John Leyden
Posted in ID, 20th February 2012 14:01 GMT

Google is developing a password-generating tool that will bolt into its Chrome browser.

The technology is designed to painlessly create hard-to-guess passwords when users sign up to websites. Whenever a site presents surfers with a field requiring a password, Chrome will display a key icon, giving users the option of allowing the browser to generate the secret for them. This password, provided a user accepts it and it meets the site's security criteria, is reused next time the site is accessed.


Google is positioning the technology as an interim workaround for the well-known shortcomings of asking humans to come up with memorable non-trivial passwords, until more websites support OpenID, which Google views as a long-term solution to the problem.*

The ad brokering giant neatly summarises the pitfalls of password use that makes its tool potentially useful:

Passwords are not a very good form of authentication. They are easy to use but they are trivial to steal, either through phishing, malware, or a malicious/incompetent site owner (Gawker, Sony, etc.) Furthermore, since people are so apt to reuse passwords losing one password leaks a substantial amount of your internet identity.

Read more at :-
http://www.theregister.co.uk/2012/02/20/google_bro...

--
mogs CClip 85
Expert Contributor 20th Feb, 2012 22:33
McAfee to update problem Firefox extension
By Tom Espiner , 20 February, 2012 12:24

McAfee has said it will update a Firefox extension that Mozilla developers had identified as causing performance issues for Firefox users.

The problem is caused by a memory leak in the McAfee Site Advisor add-on, and will be updated around Wednesday this week, McAfee told ZDNet UK sister site CNet.com on Friday.

"McAfee is aware of a memory leak associated with SiteAdvisor 3.4.1 affecting some Firefox 10 users, resulting in a potentially slower than normal browsing experience," McAfee said in the statement. "No data is at risk. The issue has been isolated and resolved, and fix deployment is targeted for the middle of next week."

Read more at :-
http://www.zdnet.co.uk/blogs/security-bullet-in-10...

--
mogs CClip 86
Expert Contributor 20th Feb, 2012 22:39
HijackThis Goes Open Source

Written by
Desire Athow
20 February, 2012

Security software maker Trend Micro has given its security application, HijackThis, to the open source community, the company announced.

The source code for HijackThis, which was written in Visual Basic, is now available for the developer community at SourceForge.

HijackThis is a popular program produced by Trend Micro that specialises in scanning users' computers for any changes carried out by malware, spyware or other external threats.

The program generates a detailed report after the initial scan that experienced users can exploit to identify any potential threats affecting their systems.


The program's log files are extensively used by security communities all across the world for helping malware victims to detect and eliminate any dangers.



Read more: http://www.itproportal.com/2012/02/20/hijackthis-g...

--
mogs CClip 87
Expert Contributor 20th Feb, 2012 22:45
Mozilla gives CAs a chance to come clean about certificate policy violations
Mozilla asks CAs to revoke all sub-CA certificates that are used for SSL traffic interception, or face penalties if found out later

By Lucian Constantin

IDG News Service - Mozilla has asked all certificate authorities (CAs) to revoke subordinate CA certificates currently used for corporate SSL traffic management, offering an amnesty to any CAs that had breached Mozilla's conditions for having their root certificates ship with its products.

The request comes after Trustwave recently admitted to issuing a sub-CA certificate to a private company for use in a data loss prevention system.

Sub-CA keys can be used to sign SSL certificates for any domain name on the Internet, which makes them very dangerous if they fall in the wrong hands.

Even though Trustwave argued that the sub-CA key in question was stored in a hardware security module (HSM), making it irretrievable, the fact that such a powerful certificate was issued to a private company that wasn't a certificate authority, represents a violation of Mozilla's policy for CAs.

More at :-
http://www.computerworld.com/s/article/9224406/Moz...

--
mogs CClip 88
Expert Contributor 21st Feb, 2012 14:54

Microsoft doubles support lifespan for consumer Windows 7, Vista
Will patch Windows 7 until 2020, Vista until 2017


By Gregg Keizer
February 20, 2012 08:23 PM ET
Computerworld - Microsoft has quietly extended support for the consumer versions of Windows 7 and Windows Vista by five years, syncing them with the lifespan of enterprise editions.

The move is part of a revamp of the company's support policies for its operating systems, Microsoft said.

Previously, Microsoft had committed to support consumer software with security updates, and bug and stability fixes, for five years, a period designated as "mainstream" support. Meanwhile, business software was supported for at least 10 years: The first half in mainstream support, the second in "extended" support.

During extended support, Microsoft provides security patches to everyone, but offers other fixes only to organizations that have signed support contracts with Microsoft.

Until the change, Vista's consumer editions -- Home Basic, Home Premium, Starter and Ultimate -- were to be retired from support in less than two months, on April 10, 2012. The new policy extends that date to April 11, 2017.

Read more at :-
http://www.computerworld.com/s/article/9224434/Mic...

--
mogs CClip 89
Expert Contributor 21st Feb, 2012 15:03
Microsoft claims Google bypassed its browser privacy too

P3P policy flaw gave automatic access
By Iain Thomson in San Francisco

Posted in ID, 20th February 2012 22:26 GMT
Updated Microsoft has released data showing that Google has been bypassing the user-defined privacy settings in Internet Explorer by using incorrect P3P identification terms.

“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too?” Dean Hachamovitch, VP of Internet Explorer wrote in a blog post. “We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”

Redmond had been rather pleased about the fact that it hadn’t suffered the same kind of problems as Apple against Google’s quest for information on users. But now it claims Google has got to its users, too, by circumventing protections guaranteed by the Platform for Privacy Preferences (P3P) system its browser supports.

Read more at :-
http://www.theregister.co.uk/2012/02/20/microsoft_...

--
mogs CClip 90
Expert Contributor 21st Feb, 2012 18:04
Researchers defeat video CAPTCHA antispam tests
Security researchers have found a way to beat NuCaptcha video-based security tests that websites use to stop spam bots

By Lucian Constantin
February 21, 2012 09:03 AM ET
IDG News Service - A team of researchers has devised a method to defeat NuCaptcha, one of the most popular video-based antispam tests on the Internet, and have proposed a solution to increase its resilience to attacks.

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" and is meant to protect websites from automated spam bots.

Most people are familiar with image-based CAPTCHAs that require users to input a string of distorted characters in order to prove that they are human. However, there are also audio and video variants of such tests.

NuCaptcha is a video-based CAPTCHA implementation that uses animation techniques in order to make it harder for spam bots to decipher the characters. Its creators claim that NuCaptcha has the highest usability and security levels of any CAPTCHA on the market.

More at :-
http://www.computerworld.com/s/article/9224439/Res...

--
mogs CClip 91
Expert Contributor 22nd Feb, 2012 10:20
ICO 'enquiring' about Google's system for serving 3rd-party cookies

Questions after Microsoft slams Chocolate Factory on privacy
By OUT-LAW.COM

Posted in Law, 22nd February 2012 08:01 GMT

Microsoft has claimed that Google has been serving third-party cookies capable of tracking users' online behaviour even when those users have adjusted settings in the Internet Explorer browser to prevent it happening.

Dean Hachamovitch, corporate vice president of Internet Explorer (IE) at the software giant, said Google had "bypassed" the settings by using a quirk in privacy technology. He said the company had identified the problem with its system after a researcher had reported that Google had circumvented user settings on the Apple Safari browser in order to send third-party cookies to those users.

Google has argued that Microsoft's reliance on outdated technology had forced thousands of websites to circumvent the 'Platform for Privacy Preferences' (P3P) system it uses in IE in order to deliver "functionality" to web users. It has also claimed that it had unintentionally served advertising cookies to Safari users when trying to deliver a personalised service to them in other ways, according to media reports.

More at :-
http://www.theregister.co.uk/2012/02/22/ico_enquir...

--
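CClip 89 and CClip 91 both report that the Internet Explorer bypass relied on incorrect P3P terms. As an added example, not code from the quoted articles, Microsoft or Google, this Python check parses the `CP="..."` field of a `P3P` response header and reports every token that is not in the P3P 1.0 compact-policy vocabulary. The function names and the three sample headers are constructed for illustration.

```python
"""Check a P3P response header's compact policy against the P3P 1.0 vocabulary."""
import re

# P3P 1.0 compact-policy tokens. Tokens in _TAKES_SUFFIX may carry one of
# a / i / o (always, opt-in, opt-out); tokens in _FIXED never take a suffix.
_FIXED = frozenset(
    "NOI ALL CAO IDC OTI NON DSP COR MON LAW NID CUR OUR NOR STP LEG BUS IND "
    "PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC TST".split()
)
_TAKES_SUFFIX = frozenset(
    "ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP DEL SAM UNR PUB OTR".split()
)
_CP_FIELD = re.compile(r'\bCP\s*=\s*"([^"]*)"', re.IGNORECASE)


def compact_policy_tokens(header_value):
    """Return the tokens inside CP="...", or None when the header has no CP field."""
    match = _CP_FIELD.search(header_value)
    return match.group(1).split() if match else None


def is_p3p_token(token):
    """True when the token is defined by P3P 1.0, including a legal a/i/o suffix."""
    if token in _FIXED or token in _TAKES_SUFFIX:
        return True
    return len(token) == 4 and token[:3] in _TAKES_SUFFIX and token[3] in "aio"


def audit_p3p_header(header_value):
    """Classify a P3P header value and list the tokens the vocabulary lacks."""
    tokens = compact_policy_tokens(header_value)
    if tokens is None:
        return {"verdict": "no-compact-policy", "tokens": 0, "unknown": []}
    unknown = [t for t in tokens if not is_p3p_token(t)]
    if not tokens:
        verdict = "empty"
    elif unknown:
        verdict = "invalid"
    else:
        verdict = "well-formed"
    return {"verdict": verdict, "tokens": len(tokens), "unknown": unknown}


# Constructed sample header values (not captured from any real site).
WELL_FORMED = 'policyref="/w3c/p3p.xml", CP="NOI DSP COR ADMa DEVa PSAi OUR STP IND NAV"'
NOT_A_POLICY = 'CP="This text is not a compact policy"'
MIXED = 'CP="NOI DSP XYZ OURa"'  # XYZ is undefined; OUR takes no suffix

if __name__ == "__main__":
    for name, value in (
        ("well-formed", WELL_FORMED),
        ("free text", NOT_A_POLICY),
        ("mixed", MIXED),
    ):
        print(name, audit_p3p_header(value))
```

Run over headers logged at a proxy, an `invalid` verdict marks sites whose cookies were presented with a policy string that states no P3P practice at all or only part of one.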
mogs CClip 92
Expert Contributor 22nd Feb, 2012 10:36
Beta Channel Update
Tuesday, February 21, 2012 | 16:22
Labels: Beta updates


The Beta channel has been updated to 18.0.1025.39 for Windows, Mac, Linux and Chrome Frame platforms.

All
Updated V8 - 3.8.9.8
Fixed several crashes (Issues: 111376, 108688, 114391)
Fixed Firefox browser in Import Bookmarks and Settings drop-down (Issue: 114476)
Sync: Sessions aren't associating pre-existing tabs (Issue: 113319)
Fixed All "Extensions" make an entry under the "NTP Apps" page (Issue: 113672)
Windows
Print Dialog Partly Off Screen w/ Windows 7 Vertical Taskbar (Issue: 112614)
"Recently Closed" menu is missing after restarting Chrome (Issue: 110785)
Fixed Garbled text on the SSL chip displayed in the Omnibox (Issue: 114168)
Mac
Fixed Custom cursor decoding with wrong color (Issue: 114598)
Fixed Custom image cursor makes the cursor disappear altogether (Issue: 111027)
Fixed Chrome on dual-GPU NVIDIA/Intel MacBook Pro hangs browser (Issue 113703)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 93
Expert Contributor 22nd Feb, 2012 11:46
5 free Android security apps for your smartphone
These free Android security apps from Symantec, AVG, Avast, and more will not only keep malware away but help find your smartphone when it's missing

By Eric Geier | Computerworld

Read more at :-
http://www.infoworld.com/d/mobile-technology/5-fre...

--
mogs CClip 94
Expert Contributor 22nd Feb, 2012 11:56
McAfee: Spam in retreat in UK
By Lance Whitney, CNET News, 22 February, 2012 10:41

Spam hit its lowest level in years in the final quarter of 2011, especially across popular targets such as the UK, Brazil, Argentina and South Korea, McAfee has reported.

However, the US and Germany saw their rates inch up slightly. And although spam levels have declined overall, junk mail is still a clear danger because of the increase in spear phishing, or more targeted attacks. In years past, spammers sent their payloads to a slew of random addresses, hoping to ensnare at least a small percentage of users. But now address lists are more accurate, McAfee said in its report (PDF).

Botnets, or computers tricked into running malicious software, surged in growth in November and December following a drop since August. A few countries saw a decline in botnet activity, but most experienced a significant jump, McAfee said.

http://www.zdnet.co.uk/news/security-threats/2012/...

--
mogs CClip 95
Expert Contributor 22nd Feb, 2012 20:27
Researcher: 200,000 Windows PCs vulnerable to pcAnywhere hijacking
Users aren't patching problem-plagued remote access program; up to 5K point-of-sale systems at risk

By Gregg Keizer
February 22, 2012 12:27 PM ET
Computerworld - As many as 200,000 systems connected to the Internet could be hijacked by hackers exploiting bugs in Symantec's pcAnywhere, including up to 5,000 running point-of-sale programs that collect consumer credit card data, a researcher said today.

The revelations came just four weeks after Symantec took the unprecedented step of telling pcAnywhere users to disable or uninstall the program because attackers had obtained the remote access software's source code.

Several days later, Symantec said it had patched all the known vulnerabilities in pcAnywhere, but declined to declare that the product was safe to use.

According to Rapid7, which prowled the Web looking for pcAnywhere systems, an estimated 150,000-to-200,000 PCs are running an as-yet-unpatched copy of the Symantec software, and are thus vulnerable to be hijacked by remote attacks, which could commandeer the machine's keyboard and mouse, and view what's on the screen.

More at :-
http://www.computerworld.com/s/article/9224481/Res...

--
mogs CClip 96
Expert Contributor 22nd Feb, 2012 20:32
XSS Flaw in Skype Shop May Allow Hackers to Steal User Accounts

Georgian security researcher Ucha Gobejishvili identified major cross-site scripting (XSS) vulnerabilities on the Skype Shop (shop.skype.com) website and in the Skype Application Programming Interface (API) site (api.skype.com).

The first site is the official Skype store where customers can purchase anything from headsets, phones, webcams, mobiles, and microphones.


According to a blog post on 1337 Blog, the expert’s personal site, the XSS flaw discovered on these sites could allow an attacker to hijack cookies if he manages to convince the potential victim to click on a specially designed link. If exploited successfully, a hacker could hijack the user’s session and even steal his/her account.

Given the large number of visitors this site has, the vulnerability can be catalogued as being a “high risk” issue.

More at :-
http://news.softpedia.com/news/XSS-Flaw-in-Skype-S...

--
mogs CClip 97
Expert Contributor 22nd Feb, 2012 20:39
YouPorn Coding Error Exposes Details of a Million Members

Popular pornography streaming website YouPorn has inadvertently exposed the login information of over a million members due to a simple coding flaw.
Discovered and highlighted by Sweden's largest web forum Flashback.org, the exposed information contained usernames, passwords and email addresses - including their sign up date.
According to EuroSecure, the coding gaffe was in the form of a publicly accessible URL on YouPorn's chat subdomain, which listed debug logging - and it's been running since 2007. That means if you have an account on that site that was registered after that date, chances are your details were accessible.
In order to mitigate the backlash over the incident, the chat portion of YouPorn is now down, though the site proper still remains online.


Read more: http://www.itproportal.com/2012/02/22/youporn-codi...

--
mogs CClip 98
Expert Contributor 23rd Feb, 2012 20:58
Google commits Chrome to support 'Do Not Track'
Do Not Track researcher sees 'great step forward' as last holdout jumps on bandwagon

By Gregg Keizer
February 23, 2012 02:29 PM ET
Computerworld - Google will add support for "Do Not Track" to its Chrome browser by the end of this year.

The move is a reversal for Google, which has resisted supporting the technology that lets users opt out of the online tracking conducted by websites and advertisers.

Google's change of heart came as the White House today pushed a privacy bill of rights and said it would introduce new online privacy legislation in Congress.

Chrome joins other browsers -- Microsoft's Internet Explorer 9 (IE9) and Mozilla's Firefox -- which can already transmit special information with every HTTP page request that tells sites the user does not want to be tracked.

More at :-
http://www.computerworld.com/s/article/9224543/Goo...

--
mogs CClip 99
Expert Contributor 23rd Feb, 2012 21:10

Unpatched Adobe Reader Flaws Exploited by PDF Malware Creators

A remote code execution vulnerability that existed in Adobe Acrobat and Adobe Reader, which the company patched up in 2010, is still being exploited by malware developers that rely on malicious PDF files to ensure the success of their campaigns.


Symantec products stopped many of these PDF attacks this month, the maximum number being recorded on February 16 with close to 3,500 hits.

A detailed analysis of an exploited PDF sample reveals a highly obfuscated JavaScript that makes use of the old vulnerability that refers to an invalid value in a tagged image file format generated by the corruptscthe TIFF parser (LibTIFF).

“The JavaScript was embedded in an XFA object (object 8 in the above figure) in an Acrobat Form. The JavaScript manipulated a subform field by using a reference to an embedded element, “qwe123b” in the example,” Symantec’s Jason Zgang wrote.

“When such an exploited PDF sample is loaded into the vulnerable PDF reading application, the XFA initialize activity is triggered and the embedded JavaScript will be called.”

The JavaScript also constructs the correct exploited TIFF file and the shellcode, which it sprays into the memory, ensuring that the vulnerability is triggered by assigning the image file to the rawValue of the pre-defined form element.

The way in which the malware determines the current version of the PDF reader, by converting the version into an integer that can be compared to a certain threshold that represents the application’s variant, confuses malware analysts and antivirus scanners.

Symantec’s findings basically show that there are still a lot of users who fail to upgrade Adobe Reader and Acrobat, giving malware developers the opportunity to simply upgrade their products to ensure them a high rate of success.

Since Adobe products are usually highly targeted by malicious operations, it’s always recommended that customers update their applications whenever the vendor makes available a new version.

http://news.softpedia.com/news/Unpatched-Adobe-Rea...

--
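The indicators described in the clip above (JavaScript embedded in an XFA object of an Acrobat form, run on the XFA initialize activity and touching a field's rawValue) can be checked statically before a file is opened. This is an added example, not part of the original post and not Symantec's tooling; the function names are hypothetical and the sample PDF is constructed and benign.

```python
import re
import zlib

# Indirect objects: "<num> <gen> obj ... endobj"
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
STREAM_START_RE = re.compile(rb"stream\r?\n")
# XFA event bound to the "initialize" activity, and the script it carries.
EVENT_RE = re.compile(
    rb'<event\b[^>]*\bactivity\s*=\s*["\']initialize["\'][^>]*>(.*?)</event>',
    re.S | re.I)
SCRIPT_RE = re.compile(
    rb'<script\b[^>]*contentType\s*=\s*["\']application/x-javascript["\']'
    rb'[^>]*>(.*?)</script>', re.S | re.I)


def normalize_names(header):
    """Undo #xx hex escapes in PDF names, so /X#46A is seen as /XFA."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), header)


def stream_payload(body, header, start):
    """Return the object's stream data, inflating it if FlateDecode is set."""
    if start is None:
        return b""
    end = body.rfind(b"endstream")
    raw = body[start.end(): end if end != -1 else len(body)]
    if b"/FlateDecode" in header:
        try:
            # decompressobj tolerates the EOL bytes that precede "endstream".
            return zlib.decompressobj().decompress(raw)
        except zlib.error:
            return b""
    return raw


def triage(pdf):
    """Static triage of PDF bytes for script that runs on XFA initialize."""
    report = {"acroform": False, "xfa": False, "init_scripts": []}
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(3)
        start = STREAM_START_RE.search(body)
        header = normalize_names(body[:start.start()] if start else body)
        report["acroform"] |= b"/AcroForm" in header
        report["xfa"] |= b"/XFA" in header
        payload = stream_payload(body, header, start)
        for event in EVENT_RE.finditer(payload):
            for script in SCRIPT_RE.finditer(event.group(1)):
                js = script.group(1)
                report["init_scripts"].append({
                    "object": num,
                    "length": len(js),
                    "touches_rawValue": b"rawValue" in js,
                })
    # Verdict: an XFA form whose script runs as soon as the form loads.
    report["suspicious"] = report["xfa"] and bool(report["init_scripts"])
    return report


def build_sample():
    """Constructed, benign PDF fragment: XFA template with an init script."""
    xfa = (b'<template xmlns="http://www.xfa.org/schema/xfa-template/2.8/">'
           b'<subform name="form1"><field name="img1"><ui><imageEdit/></ui>'
           b'</field><event activity="initialize">'
           b'<script contentType="application/x-javascript">'
           b'var f = xfa.resolveNode("img1"); f.rawValue = "";'
           b'</script></event></subform></template>')
    packed = zlib.compress(xfa)
    objs = [
        b"1 0 obj\n<< /Type /Catalog /AcroForm 2 0 R >>\nendobj\n",
        # /XFA written with a hex escape, as obfuscated samples often do.
        b"2 0 obj\n<< /Fields [] /X#46A 8 0 R >>\nendobj\n",
        b"8 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n"
        % len(packed) + packed + b"\nendstream\nendobj\n",
    ]
    return b"%PDF-1.7\n" + b"".join(objs) + b"%%EOF\n"


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(key, value)
```

The check does not unpack object streams, encrypted documents or filters other than FlateDecode, so a clean result on such files is not conclusive.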
mogs CClip 100
Expert Contributor 23rd Feb, 2012 21:16
Feds apply for DNSChanger safety net extension

Apply for extension before millions of infected PCs are disconnected
By John Leyden

Posted in Government, 23rd February 2012 17:38 GMT
Federal authorities have applied for permission to extend the operation of a safety net that allows machines infected by the DNSChanger Trojan to surf the net as normal beyond a 8 March deadline.

DNSChanger changed an infected system's domain name system (DNS) settings to point towards rogue servers that hijacked web searches and pointed surfers towards various sleazy websites, as part of a long running click-fraud and scareware punting scam. The FBI stepped in and dismantled the botnet's command-and-control infrastructure back in November, as part of Operation GhostClick. As many as 4 million machines were infected at the peak of the botnet's activity.

Rogue DNS servers were replaced by legitimate machines at the time of the takedown operation but nothing was done to disinfect infected PCs, a particular concern since the DNSChanger malware is designed to disable security software, leaving infected machines at heightened risk of infection.

Barring court permission, legitimate servers that were set up to replace rogue DNS servers will be taken offline on 8 March, 120 days after the initial takedown operation. The feds have applied (PDF) to extend this safety net until 9 July.

More at :-
http://www.theregister.co.uk/2012/02/23/dnscahnger...

--
mogs CClip 101
Expert Contributor 23rd Feb, 2012 21:24
Avast Free Antivirus 7 adds cloud updates, file reputation and remote assistance
Avast Free Antivirus version 7 improves existent features and adds several new ones
By Lucian Constantin | 23 February 12

Avast Free Antivirus 7 is set to be released on Thursday and will have new features including cloud-based updates, remote assistance and file reputation.

Avast Free Antivirus is one of the most popular antimalware products for consumers. According to statistics supplied by the vendor, the program has over 150 million active users.

Version 7 has a new remote assistance feature that allows Avast users to help other people who also use the program solve technical or malware-related issues by temporarily taking control of their computers.

The remote assistance sessions are routed through Avast's servers in order to ensure their security and can only be initiated by the users whose computers will be controlled.

When a session is initiated, an 8-digit code gets generated and needs to be communicated to the remote user, Avast Software's chief technology officer Ondrej Vlcek said.

The remote assistance feature doesn't require any special firewall rules or exceptions to work, because it relies only on outbound connections to Avast's server, Vlcek said.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3339778/a...

--
mogs CClip 102
Expert Contributor 23rd Feb, 2012 22:40
CCleaner 3.16 Adds "Scheduled Tasks" Section

Piriform just updated their system cleaning application, CCleaner, to version 3.16. Among the most notable changes in the latest release is the “Scheduled Tasks” tab in the built-in Startup tool, which lets you view the entries in Task Scheduler.

Also new in this release is the option to close web browsers when cleaning. The developer extended the list of applications that can be cleaned by CCleaner and included AIMP 3, Corel VideoStudio Pro X4 and AlZip.

Efficiency in cleaning already supported software, such as Snagit 10, AntiVir Desktop, Ashampoo Burning Studio 11, and Adobe Acrobat, has been improved.

CCleaner 3.16 improves Windows 8 compatibility and is more thorough when it removes history items in Firefox Aurora and Google Chrome. The full list of modifications is available on this page.

The application also comes as a portable download, which can be downloaded from this link.

http://news.softpedia.com/news/CCleaner-3-16-Adds-...

--
mogs CClip 103
Expert Contributor 24th Feb, 2012 09:36
Brits guard Facebook passwords more than work logins – survey

Too many of the damn things to remember
By John Leyden

Posted in ID, 23rd February 2012 15:28 GMT

A survey of UK consumers revealed many are far more careful with their social network login credentials than passwords that grant access to corporate systems.

A third - 34 per cent - of 2,000 people quizzed admitted sharing their work passwords, but 80 per cent of the same group were unwilling to reveal their Facebook login details.


The survey, commissioned by cloud security firm Ping Identity, suggests that the use of multiple passwords is posing a security risk to individuals and businesses alike.

More at :-
http://www.theregister.co.uk/2012/02/23/password_s...

--
mogs CClip 104
Expert Contributor 24th Feb, 2012 09:42
Dev Channel Update
Thursday, February 23, 2012 | 16:16
Labels: Dev updates
The Dev channel has been updated to 19.0.1049.3 for Windows, Mac, Linux and Chrome Frame. This build contains following stability and bug fixes:

All
Updated V8 - 3.9.8.0
Marked the Certum Trusted Network CA as an issuer of extended-validation (EV) certificates.
Fixed importing of bookmarks, history, etc. from Firefox 10+.
Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636, 112676
Mac
Worked around lockups of mid-2010 MacBook Pros (dual NVIDIA/Intel GPUs) running 10.7. Please stress test Flash, WebGL and other GPU accelerated content on such machines and file bugs referencing Issue 113703 if issue persists.
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 105
Expert Contributor 24th Feb, 2012 09:47
Mozilla is readying an OS agnostic app store

Opening soon
By Dave Neal
Thu Feb 23 2012, 17:36


OPEN SOURCE NON-PROFIT software development outfit Mozilla is working towards an operating system agnostic apps store.
The organisation said that its aims are "people-centric" and will give users and developers a lot more freedom, choice and opportunity when they want to look for apps for several operating systems in one place or develop one application for all available devices.
"The Web is the largest platform in the world. We are enabling the Web to be the marketplace, giving developers the opportunity to play on the biggest playing field imaginable," said Todd Simpson, Mozilla's chief of innovation.
"By building the missing pieces, Mozilla is now unlocking the potential of the Web to be the platform for creating and consuming content everywhere."
The outfit is opening up for developer submissions at Mobile World Congress next week, and there it is looking for apps that ignore confines like devices and operating systems and are based on open web technologies like HTML5, Javascript and CSS.

More at :-
http://www.theinquirer.net/inquirer/news/2154747/m...

--
mogs CClip 106
Expert Contributor 24th Feb, 2012 23:59
Open source code quality is as good as proprietary software

Millions of lines of code tested
By Robert Jaques
Fri Feb 24 2012, 10:39

CONFIRMING what many software engineers have suspected for a while, code analysis shows that the quality of open source code matches or exceeds that of proprietary software.
The results come from the 2011 Coverity Scan Open Source Integrity Report (Scan), a public-private sector research project that was initiated by Coverity and the US Department of Homeland Security in 2006. For the project researchers waded through over 37 million lines of open source software code and over 300 million lines of proprietary software code.
Code from 45 of the most active open source projects in Scan were analysed. The average open source project in Scan has 832,000 lines of code. The average defect density - the number of defects per thousand lines of code - across open source projects in Scan was found to be 0.45.
In addition over 300 million lines of code from 41 proprietary codebases of anonymous Coverity users were analysed. The average codebase had 7.5 million lines of code and the average defect density over the proprietary codebases analysed was found to be 0.64.
According to Coverity, both open source code quality and proprietary code quality, as measured by defect density, was better than the average for the software industry, which is a defect density of 1.0.

More at :-
http://www.theinquirer.net/inquirer/news/2154870/s...

--
mogs CClip 107
Expert Contributor 25th Feb, 2012 00:07
Google adds Do Not Track button to Chrome

But you don't have to push it, pleads ad giant
By Anna Leach

Posted in Applications, 24th February 2012 16:02 GMT

Updated Google's Chrome browser has added a Do Not Track option that will prevent websites using your browser history to target ads at you.*

Pioneered by Mozilla Firefox, the Do Not Track convention adds a field in the HTTP header of each web page instructing websites not to take info about you from your browser. Commonly used to prevent overly personal targeted ads, Do Not Track also stops web visitors having their data picked through by websites' social features and analytics engines. Microsoft claims that Internet Explorer doesn't track its users and Do not Track is an option in Safari.


The Chrome extension that allows you to opt out of tracking – Keep My Opt Outs – is now live in Google's apps store.

More at :-
http://www.theregister.co.uk/2012/02/24/google_chr...

--
mogs CClip 108
Expert Contributor 25th Feb, 2012 11:47
Malware grows to the tune of 75 million samples in 2011: McAfee
Security vendor finds malware is still prevalent online despite decline in Q4
By Patrick Budmar | Australian Recruitment Network | 25 February 12

Despite McAfee predicting that unique malware samples would hit 75 million in 2011, the security vendor actually found that the real number actually surpassed that estimate.

The vendor's latest report, McAfee Threats Report: Fourth Quarter 2011, finds that while new malware slowed in Q4, mobile malware was on the rise and experienced its busiest period to date.

McAfee Labs senior vice-president, Vincent Weafer, found the threat landscape in 2011 highly evolved, with a change in the motivation typical for cyber attacks.

"Increasingly, we've seen that no organisation, platform or device is immune to the increasingly sophisticated and targeted threats," he said.

While the good news in the report was that PC-based malware was found to have declined throughout Q4 of 2011, reaching a level that was in fact significantly lower than the same quarter a year earlier, the fact is unique malware samples exceeded 75 million.

More at:-
http://www.pcadvisor.co.uk/news/security/3340078/m...

--
mogs CClip 109
Expert Contributor 25th Feb, 2012 22:26
Google: New privacy policy to have little impact on enterprise
The company says it will not share data between its enterprise apps and personal Google accounts
By Grant Gross and Juan Carlos Perez | IDG News Service


Google's plan to share user data across its online services will have little effect on users of the company's enterprise, government, and education application suites, the company said.

The rewrite of Google's privacy policies, scheduled to roll out March 1, will not change Google Apps for business, government and education because those applications suites already link services such as email and calendars, Google spokesmen said. If a user of one of those suites logs into a separate personal Google account, such as YouTube or Google+, those services will not share the user's personal information with the enterprise suites, they said.

Google will not establish relationships between users' work accounts and personal accounts, a spokesman said.

More at :-
http://www.infoworld.com/d/applications/google-new...

--
mogs CClip 110
Expert Contributor 26th Feb, 2012 19:48
Analyst: Microsoft won't copy Apple's online-only sales for Windows 8
But may trim upgrade edition count by dropping Ultimate from retail

By Gregg Keizer
February 24, 2012 03:59 PM ET
Computerworld - Microsoft will probably trim the number of Windows 8 editions it will sell later this year, but won't mimic Apple's online-only approach to OS upgrades, a retail sales analyst said today.

In developed countries, including the U.S., Microsoft offers Windows 7 in four SKUs, or editions: Home Premium, Professional, Enterprise and Ultimate. All but Enterprise -- available only to volume licensees such as major corporations -- are sold to the general public.

Evidence uncovered by ZDNet blogger Stephen Chapman -- who found a list of Windows 8 SKUs on a pair of Hewlett-Packard support documents -- hints at just three editions of the upcoming OS: a generic "Windows 8," Professional and Enterprise.

More at :-
http://www.computerworld.com/s/article/9224599/Ana...

--
mogs CClip 111
Expert Contributor 26th Feb, 2012 20:00
Why are telephone numbers now displayed differently in Chrome?
Q Recently, Chrome – my preferred web browser – has begun to display telephone numbers differently. It’s a difficult problem to explain exactly, but if a website includes a telephone number somewhere, it is briefly displayed in the browser’s default font style before suddenly changing to a different look – just like a button, in fact.
If I click this button then Skype launches and tries to dial the number. I therefore suspect that this is related to Skype in some way, but I can’t find any option in that program to modify or disable what it’s doing to Chrome. Can you help?
Scott Courtney
A This is indeed Skype’s handiwork and we’ve had quite a few complaints about it recently. The short story is that following a recent update the Skype application took it upon itself to install an add-on to certain browsers, including the most recent versions of Firefox, Internet Explorer and Chrome.


Read more: http://www.computeractive.co.uk/ca/pc-help/2134929...

--
mogs CClip 112
Expert Contributor 27th Feb, 2012 13:33
Security Holes Found in 25 “Verisign Trusted” Online Stores (Exclusive)

Freedom, the grey hat hacker that in the past period identified a lot of cross-site scripting (XSS) vulnerabilities in some important websites, returns with other interesting finds. He discovered a number of 25 online shops from the United Kingdom containing XSS security holes.

The worrying thing is that all of the sites bear Verisign Trusted, Internet Shopping is Safe, Internet Delivery is Safe, Verified by Visa, and MasterCard SecureCode logos.

“25 of these big sites all run the same script and it was not hard to find them all using a home made ‘Google dork’. They try to filter the search on the main pages but then when you search for something that is well not there it then allows you to search again and this one has no limit to characters and very lil filtering,” the hacker told us.

“A person with 5 mins of looking at XSS could make these sites fall to the knees and well do alot of damage to the reputations of these sites.”

Freedom provided us with screenshots to prove that the vulnerabilities exist in sites such as House of Fraser, Jacamo, Fashion World, Premier Man, Williams and Brown, Marisota, Ambrose Wilson, Viva la Diva, Fifty Plus, and High and Mighty.

Similar XSS flaws were found in the online shops like JD Williams, Heather Valley, Classic Confidence, Nightingales, Simply Yours, That’s My Style, Home Essentials, Oxendales, Naturally Close, House of Bath, Classic Detail, The Briliant Gift Shop, Crazy Clearance, Feel Good Essentials, and Simply Be.

A 26th site that was found to be vulnerable is ASDA Direct (direct.asda.com), but this one is covered separately because it doesn’t display any logos that guarantee shopper safety.

More at :-
http://news.softpedia.com/news/Security-Holes-Foun...

--
mogs CClip 113
Expert Contributor 27th Feb, 2012 15:39
Wikileaks publishes hacked Stratfor emails

WikiLeaks has published some of the five million emails stolen from security think tank Stratfor.
By Stephen Grey, Reuters, 27 Feb 2012 at 11:03

Anti-secrecy group WikiLeaks has gone public with emails stolen from a US-based global security analysis company that has been likened to a shadow CIA.

The emails - which number five million in total and were snatched by hackers - could unmask sensitive sources and throw light on the murky world of intelligence-gathering by the company known as Stratfor, which counts Fortune 500 companies among its subscribers.

Having had our property stolen, we will not be victimised twice by submitting to questioning about them.
Stratfor in a statement shortly after midnight EST (0500 GMT) said the release of its stolen emails was an attempt to silence and intimidate it.

More at :-
http://www.itpro.co.uk/639154/wikileaks-publishes-...

--
mogs CClip 114
Expert Contributor 27th Feb, 2012 21:06
Manchester United and 59 Other Sites Named Vulnerable by Zer0Freak

A number of 60 high-profile websites were found to contain cross-site scripting (XSS) vulnerabilities that can potentially expose the sites’ visitors to malicious operations launched by cybercriminals with a clearly defined agenda.

The list of vulnerable sites provided by Zer0Freak, a hacker part of Team Intra, includes the official sites of Electronic Arts, Avon, WWF Panda Global, LG, Lyrics Fly, University of Virginia, Pizza Hut, Hungry Jack’s, Jaycar, Adidas, Your Gamer Cards, Shockwave, Toshiba, Puma, Ferrari, Toyota, Guitar, Web Hosting Search, McDonald’s, Fender, PCWorld, Los Angeles Times, and Dell.

The list continues with Catholic Online, Nero, Bruxelles, Beemp3, Weather, Dictionary, Harvard University, VMware, Autodesk, Radio Times, Music, NASA, Comcast, Sky Sports, NFL, Gamespot, Burger King, Dubstep, Fedex, NY Observer, Philips, Electa, Nike, Manchester United soccer team, ABC, Food, Nissan, Colegate, Symantec’s Norton, and Genius.

Part of these sites were already appointed in the past weeks as being highly vulnerable by other grey hat hacker teams and Zer0Freak said that a few of them were fixed in the meantime, but judging by the screenshots he sent us, some administrators still haven’t addressed the security holes.

More at :-
http://news.softpedia.com/news/Manchester-United-a...

--
mogs CClip 115
Expert Contributor 28th Feb, 2012 12:37

Free tool silently updates most Windows software
Secunia's PSI 3.0 hits beta, eliminates the need to run scads of update services

By Gregg Keizer
February 27, 2012 03:22 PM ET
Computerworld - Danish security company Secunia today released a beta version of its PSI 3.0 utility that automatically downloads updates for Windows programs and plug-ins created by thousands of third-party vendors.

Personal Software Inspector (PSI) 3.0, the latest in Secunia's line of out-of-date-software scanners, will ship in final form this June.

Secunia pitched PSI 3.0 as a silent update mechanism for Windows software whose makers, unlike Microsoft and a few other developers, have not created a background tool to keep their programs up-to-date.

"The new version...offers extended automatic patching using the Secunia Package System (SPS), thereby removing the dependency on vendors providing silent installers," said Secunia in a statement.

SPS is Secunia's proprietary tool for creating customized installation packages, and was borrowed from the company's enterprise utility, Corporate Software Inspector.

PSI 3.0 scans a user's Windows PC and examines a slew of files -- primarily .exe, .dll and .ocx files -- to collect meta-data recorded on the hard drive by vendors when one of the applications or other programs are installed. The utility then ships that data to Secunia's servers, where it's matched against a list of file signatures.

When the signatures on a PC don't match those on Secunia's list, PSI 3.0 interprets that as indicating out-of-date software. PSI then assembles the required updates, pushes them to the machine and installs them.

Some user interaction may be required -- when Computerworld ran PSI 3.0 on Windows 7, it asked to identify the language edition of Firefox that should be installed -- but for the most part it's a fire-and-forget tool. There are no settings to modify, for example, and the utility automatically scans the system every seven days.

Secunia hopes that PSI plugs holes left open by users who don't regularly patch all the programs on their PCs.

"We are aiming to make PSI 3.0 the only tool that users need to keep all their software up-to-date," Thomas Kristensen, Secunia's chief security officer, said in a statement today.

Secunia has hammered the update message for years, most recently with a report earlier this month that said the typical PC user has to master 11 different update mechanisms in addition to the one that Microsoft provides.

http://www.computerworld.com/s/article/9224656/Fre...

--
mogs CClip 116
Expert Contributor 28th Feb, 2012 12:52
NEC and Udemy Found Vulnerable by Researcher (Exclusive)
Independent security researcher Shadab Siddiqui provided us with information regarding a couple of important websites that contain cross-site scripting (XSS) vulnerabilities. More specifically, he found this type of flaw in the official sites of NEC (nec.com) and Udemy (udemy.com).

The site owned by NEC, the company supplying government agencies and private sector companies with IT services, equipment and products for platforms and carrier networks, turns out to be highly vulnerable.

The expert identified XSS vulnerabilities on at least two of their webpages and provided us with screenshots to prove his finds.

Udemy, an online knowledge sharing site, was also discovered to contain XSS and other types of flaws, but fortunately for their customers, they rushed to patch up the security holes.

“It’s quite vulnerable. It had many other vulnerabilities like directory listing, file upload vulnerability etc, but after I informed them about the vulnerability they patched it, but didn’t even had the courtesy to reply me with a thanks,” Siddiqui told us.

More at :-
http://news.softpedia.com/news/NEC-and-Udemy-Found...

--
mogs CClip 117
Expert Contributor 28th Feb, 2012 13:04
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Google offers hackers a cool $1m to crack Chrome

A full-blown Chrome exploit is worth $60,000
By Robert Jaques
Tue Feb 28 2012, 11:15

SOFTWARE DEVELOPER Google has thrown down the gauntlet to white-hat hackers by offering up to $60,000 to anyone who can engineer a fully functional exploit that punches a security hole in its Chrome web browser.
The search giant has once again chosen the Cansecwest security conference to announce the competition, noting that developing a fully functional exploit is "significantly more work" than finding and reporting a potential security bug.
Posting on the Google Chrome Security Blog, Chris Evans and Justin Schuh from the Google Chrome Security Team explained that the aim of the sponsorship is simple. They said, "We have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users."
Somewhat perversely, the team added that the fact that Chrome is not receiving exploits means that it is actually harder to improve the platform. So to address this and maximise the chances of receiving exploits this year, the search company has dug deep to put up a cool $1 million worth of rewards. The top individual prize of $60,000 will be paid for a full Chrome exploit using only bugs in Chrome to deliver Windows 7 local OS user account persistence.

More at :-
http://www.theinquirer.net/inquirer/news/2155574/g...

--
mogs CClip 118
Expert Contributor 29th Feb, 2012 06:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Dev Channel Update
Tuesday, February 28, 2012 | 16:23
Labels: Dev updates
The Dev channel has been updated to 19.0.1055.1 for Windows, Mac, Linux and Chrome Frame. This build contains stability fixes and updated V8 to 3.9.11.0. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 119
Expert Contributor 29th Feb, 2012 06:35
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Indian Search Engine Guruji Found Vulnerable (Exclusive)
Shadab Siddiqui, the independent security researcher that recently identified vulnerabilities in sites such as redhat.com, nec.com and udemy.com, returns with another round of security holes, this time affecting India’s most popular search engine Guruji.com, sometimes preferred over Google due to the better results it brings up when performing local searches.


With the aid of another security expert, Deepanker Verma, the owner of Hacking Tricks, he found a cross-site scripting (XSS) vulnerability and a CVS disclosure issue. The latter does not have a direct impact on a site’s security, but attackers could leverage the weakness to gather information.

The CVS repository files found by the researchers can disclose the CVS’s physical paths, names and file lists.

“While disclosures of this type do not provide chances of direct attack, they can be useful for an attacker when combined with other vulnerabilities or during the exploitation of some other vulnerabilities,” Siddiqui told us.

They also came across the site’s open policy Crossdomain.xml file which can be utilized to access one-time tokens.

Read more at :-
http://news.softpedia.com/news/Indian-Search-Engin...

--
mogs CClip 120
Expert Contributor 29th Feb, 2012 06:45
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Security firm targeted by Anonymous gives up the ghost
HBGary, the IT security company that had highly sensitive internal emails splashed across the internet by hacktivist group Anonymous, is to be sold off to federal security rival ManTech International.
The acquisition marks the final ignominy for a firm that once threatened to lift the curtain on Anonymous by revealing the apparent identity of some of its most senior members.
Those threats, made by Aaron Barr, then-chief executive of HBGary Federal, prompted Anonymous to launch attacks on HBGary's systems and pilfer thousands of company emails, which were leaked online.
The acquisition by ManTech has been “structured as an asset purchase”, which ensures that ManTech is able to control which liabilities are being assumed – so that if there was any subsequent fallout from the Anonymous attack, ManTech may not have to foot the bill.

More at :-
http://www.v3.co.uk/v3-uk/news/2155676/security-fi...

--
mogs CClip 121
Expert Contributor 29th Feb, 2012 20:40
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Windows 8 on ARM on track, Microsoft says
Microsoft released the consumer preview of Windows 8 at an event in Barcelona

By Nancy Gohring
February 29, 2012 11:49 AM ET
IDG News Service - Anyone can take Windows 8 for a spin now that Microsoft has launched the so-called "consumer preview" version of the software at an event in Barcelona on Wednesday.

The company said that ARM processor reference designs for Windows 8 are in testing and making the same progress as those running on X86 chips. This is the first time that Windows will run on ARM, widely used in smartphones and tablets. Given the progress that Microsoft said it is making, some company observers think Windows 8 will likely launch this year.

Executives at the launch event stressed that Windows 8 was built to work on a wide variety of devices. "The goal should be that the OS should scale with you," said Steven Sinofsky, president of the Windows and Windows Live Division at Microsoft.

More at :-
http://www.computerworld.com/s/article/9224762/Win...

--
mogs CClip 122
Expert Contributor 29th Feb, 2012 20:52
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK


FEBRUARY 29, 2012
Secunia pushes security patches without vendor consent
Secunia plans to package PC security updates in single automatic mechanism -- whether software companies like it or not

By Robert Lemos | InfoWorld


Staying current with patches and updates is a key component of keeping a computer secure, but the majority of workers are not diligent about updating their home computers. In the age of consumers using their own devices and cloud services in the workplace, the lack of up-to-date software can pose a security problem for companies.

Part of the problem is that consumers' default behavior is to click no to any update request. In addition, the dozen vendors that make the most popular 50 programs found on desktops have a hodgepodge of update mechanisms, making it difficult for users to know the status of their systems, says security firm Secunia. While 72 percent of vulnerabilities reported in 2011 had a readily available patch at the time of public announcement, about half of all endpoints have one or more unpatched vulnerabilities, the company says.

"If (updating) requires more than a simple OK, then users won't do it," says Thomas Kristensen, chief security officer for Secunia.

On Monday, Secunia announced a new simplified version of its Personal Software Inspector that will package security updates from the most popular software vendors into a single automated update mechanism. The approach is controversial because the company is not first asking developers for permission.

"For years, we have tried to push out information on patch levels so that software companies would have better updates," says Kristensen. "The vendors failed to commit."

Wrapping an update in a tailored installer has caused controversy in the past, mainly because firms repackaging software often did it for non-altruistic reasons. Late last year, security experts took CNET's Download.com to task for bundling other companies' software with the installers for open source applications.

Yet for a personal computer to stay atop patching schedules, the software vendor must already have an automated update process or a service must repackage the updates, says Kristensen. The technique is baked into almost every Linux distribution, for example, allowing users to refresh all software on the system with a single utility.

Secunia plans to question any software vendor that takes issue with its automatic update service as to why the developer does not automatically update users on its own. Microsoft and Adobe, for example, both already automatically patch their users.

Secunia plans to seek out partners, such as Internet service providers and banks, that want to increase the security of their users. In addition, the lessons that Secunia learns from its free PSI 3.0 product will make their way into its enterprise security product.

http://www.infoworld.com/t/security-management/sec...

--
mogs CClip 123
Expert Contributor 29th Feb, 2012 23:18
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
The Raspberry Pi computer goes on general sale
A credit-card sized computer designed to help teach children to code has gone on sale for the first time.

The Raspberry Pi is a bare-bones, low-cost computer created by volunteers mostly drawn from academia and the UK tech industry.

Sold uncased without keyboard or monitor, the Pi has drawn interest from educators and enthusiasts.

Supporters hope the machines could help reverse a lack of programming skills in the UK.

"It has been six years in the making; the number of things that had to go right for this to happen is enormous. I couldn't be more pleased," said Eben Upton of the Raspberry Pi Foundation which is based in Cambridge.

More at :-
http://www.bbc.co.uk/news/technology-17190918

--
mogs RE: Daily CYBERCLIPS February
Expert Contributor 1st Mar, 2012 08:48
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Thank you for your support.

This thread is now closed.

Please see CYBERCLIPS for March at :-
http://secunia.com/community/forum/thread/show/122...

--

© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144