Forum Thread: Daily CYBERCLIPS February

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Daily CYBERCLIPS February
Member 1st Feb, 2012 08:43
Ranking:
Posts: 6,279
User Since: 22nd Apr, 2009
System Score: N/A
Location: UK

Seventeenth Edition.

Thank you for the support. Hope you find something of value/interest in the new thread. The new INDEX thread will follow shortly.
Please refrain from scoring on both threads.
Security is the mainstay of the thread with some related and varied topics.
Scroll down for the latest posts !!
Note that no entry/post should be taken as a personal recommendation, unless otherwise stated.
Please continue to keep CYBERCLIPS free of junk and unattractive to any contentious individuals.
* Keep patching : up to date : be Cybersafe ! *

--

mogs CClip 1
Member 1st Feb, 2012 08:56


--
mogs CClip 2
Member 1st Feb, 2012 11:14
Symantec drops don't-use advice, gives pcAnywhere all-clear
Offers free upgrades to customers running older editions as one rival swoops in with special pricing

By Gregg Keizer
January 31, 2012 04:15 PM ET
Computerworld - Symantec has retracted its don't-use-pcAnywhere recommendation to owners of the remote access software.

Last week, the company took the highly unusual step of telling pcAnywhere users to disable the program based on a 2006 source code leak and this month's claims by members of Anonymous that they were mining the stolen code for vulnerabilities.

Symantec spokesman Brian Modena declined to declare the now-patched pcAnywhere as safe to use when asked that question multiple times, but hinted that the fixes the company has released were sufficient.

"At this time, Symantec recommends that customers ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow general security best practices," Modena said in a pair of emailed responses to questions about the software's safety.

More at :-
http://www.computerworld.com/s/article/9223863/Sym...

--
mogs CClip 3
Member 1st Feb, 2012 20:14
Kelihos botnet, once crippled, now gaining strength
Microsoft and Kaspersky Lab are now seeing the botnet it shut down in September coming back to life

By Jeremy Kirk
February 1, 2012 10:04 AM ET
IDG News Service - A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it.

The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams.

But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a "sinkhole," or a computer they controlled.

But the computers that comprised Kelihos were still infected with its code. Researchers knew that it would only be a matter of time before its controller used the botnet's complex infrastructure of proxy servers and communication nodes to regain control.

More at :-
http://www.computerworld.com/s/article/9223885/Kel...

--
mogs CClip 4
Member 1st Feb, 2012 20:21

Microsoft ditches plug-ins for Internet Explorer 10 in Metro

Adobe Flash to disappear
By Lawrence Latif
Wed Feb 01 2012, 14:32

SOFTWARE REDEVELOPER Microsoft has revealed that its Internet Explorer 10 will not use plug-ins when running in the Metro user interface.
Microsoft's Internet Explorer 10 will be released along with the firm's upcoming Windows 8 operating system that features the Metro user interface. The interface, which looks much like the one on the firm's Windows Phone operating system, aims to simplify Windows usage. As part of that, Internet Explorer 10 will be free of plug-ins when run in the Metro interface.
According to Microsoft, Metro style Internet Explorer 10 disposes with plug-ins in a bid to improve battery life, security, reliability and user privacy. The announcement will give further credibility to Apple's long-held strategy of using a clean-cut web browser with IOS.
John Hrvatin, Microsoft programme manager lead on Internet Explorer said, "The desktop browsing experience and most plug-ins were not designed for smaller screens, battery constraints, and no mouse. Providing an easy way to the Windows desktop is the last resort when no comparable plug-in free fallback content exists."
To Microsoft's credit it has finally come around to supporting open standards such as HTML5 and CSS3, while ditching its own ill-received Silverlight. And should Internet Explorer force users away from proprietary plug-ins, it could be the final nail in the coffin for Adobe's Flash.

http://www.theinquirer.net/inquirer/news/2143021/m...

--
mogs CClip 5
Member 1st Feb, 2012 20:24
Mozilla adds a full-screen API with Firefox 10

Targets web applications with greater WebGL support
By Lawrence Latif
Wed Feb 01 2012, 16:59

OPEN SOURCE SOFTWARE HOUSE Mozilla has released Firefox 10 and announced developer tools built into the web browser.
Mozilla's Firefox 10 is the first release of the popular web browser in 2012. In less than a year Mozilla has updated Firefox from release 4 to release 10, and while the latest version includes optimisations and fixes, the software outfit has also improved tools for web developers.
Perhaps Mozilla's biggest change in Firefox 10 is the Full-Screen API for web sites and applications. The idea is to better use screen real estate, and Mozilla claims its Full-Screen API will help developers create games and "immersive video experiences".
As part of Mozilla's effort to increase the richness of applications, it has extended its WebGL support. There is also support for CSS 3D transformation, which the outfit said allows developers to transform two dimensional objects into 3D without the need for a plug-in.
Mozilla has also made some changes to code editing, with web developers being able to use page and style inspectors to alter HTML and CSS code, respectively, without having to leave Firefox. Mozilla said its Scratchpad is now powered by the Eclipse Orion code editor to provide syntax highlighting.

http://www.theinquirer.net/inquirer/news/2143091/m...

--
mogs CClip 6
Member 1st Feb, 2012 20:33


--
mogs CClip 7
Member 2nd Feb, 2012 11:19

Financial malware targets online banking customers in the UK and US

Captures information on victims' telephone accounts
By Kate O'Flaherty
Wed Feb 01 2012, 19:06
A MALWARE variant is targeting online banking customers in the UK and the US, it has been discovered.
Ice IX, a modified variant of the Zeus financial malware, is capturing information on telephone accounts belonging to the victims. This allows attackers to divert calls from the bank intended for their customer to attacker controlled phone numbers, according to security firm Trusteer.
Amit Klein, CTO of Trusteer, said, "I believe the fraudsters are executing fraudulent transactions using the stolen credentials and redirecting the bank's post-transaction verification phone calls to professional criminal caller services that approve the transactions."
In one attack captured by Trusteer researchers, at login the malware steals the victim's user ID and password, memorable information or secret question and answer, date of birth and account balance.
Next, the victim is asked to update their phone numbers of record - home, mobile and work - and select the name of their service provider from a drop-down list. In this particular attack, the three most popular phone service providers in the UK are presented, BT, Talktalk and Sky.
To enable the attacker to modify the victim's phone service settings, the victim is then asked by the malware to submit their telephone account number. The fraudsters justify this request by saying this information is required as a part of verification process caused by "a malfunction of the bank's anti-fraud system with its landline phone service provider".
Klein said, "Fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank. This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user."

http://www.theinquirer.net/inquirer/news/2143106/f...

--
mogs CClip 8
Member 2nd Feb, 2012 11:26
US and China provide home to most hackers

Security researchers have found that the US and China are by far the most popular starting points for online attacks.
Security firm NCC said that its global reports placed the two countries far ahead of all other nations in their share of malicious activity. The US claimed 22 per cent of all the world's attacks, while China was second with a 16 per cent share.

Those attacks have also impacted the global economy. NCC estimates that hacking attempts in the two countries combined for a hit on the global economy of roughly $44bn.
Russia was a distant third on the list, claiming a 3.6 per cent share and a cost of roughly $4bn in damages. Rounding out the top five were Brazil with 3.5 per cent and Italy with 3.1 per cent of the world's hacking activity.
The UK was placed outside of the top 10. The country's 1.74 per cent share of the hacking market was good for 15th overall. NCC estimates that hacking activity within the UK cost the global economy roughly $2bn in losses.

More at :-
http://www.v3.co.uk/v3-uk/news/2143119/china-provi...

--
mogs CClip 9
Member 2nd Feb, 2012 12:24


--
mogs CClip 10
Member 2nd Feb, 2012 17:59
Demand for safety kitemark on software stepped up

MPs want new standard plus web security schooling
By John Leyden
The government and industry ought to do more to promote online safety, according to an influential panel of MPs.

Politicos on the Science and Technology Select Committee called for the expansion of Get Safe Online and similar efforts, and for more prolonged awareness campaigns geared towards dispelling fears and encouraging common sense.

The committee wants a single place where punters can get basic security advice, stripped of confusing technical jargon, plus television campaigns.

It also wants public services to be convenient and secure by design, rather than focused on cost-savings, because the government's "digital by default" policy will require citizens to access services, including benefit payments, online.

Finally, and most controversially, MPs want to see "safety standards on software sold within the EU, similar to those imposed on vehicle manufacturers". Industry self-regulation is the preferred route towards achieving that goal but the panel said that if that fails then legislation ought to be considered.

More at :-
http://www.theregister.co.uk/2012/02/02/mps_cyber_...

--
mogs CClip 11
Member 2nd Feb, 2012 18:03
Symantec: We've plugged up pcAnywhere holes

Security giant tries to draw line under source code soap opera
By John Leyden
Symantec has said its pcAnywhere remote control software is once again safe to use, following the release of its latest security patch.

The security giant made the highly unusual move last week of advising customers to avoid using older but still widely used versions of pcAnywhere as a precaution, after it emerged that the product's source code was swiped by Anonymous-affiliated hackers.

The "Lords of Dharmaraja" bragged that they had obtained copies of Symantec's source code and threatened to publicly disclose it in order to facilitate the hunt for unpatched vulnerabilities. Source code for pcAnywhere was put up as the first candidate for this bug hunt, hence the heightened security concern over this product.

After initially blaming the leak on a security breach by an "unnamed third party", Symantec eventually admitted the breach was the result of a previously undisclosed theft of source code from its systems dating back to 2006. Older versions of the source code of a range of enterprise and consumer security products from Symantec were exposed.

More at :-
http://www.theregister.co.uk/2012/02/02/pcanywhere...

--
mogs CClip 12
Member 2nd Feb, 2012 18:57
Google changes enable 'per country' blog takedowns

A Google spokesperson said it believed that 'access to information is the foundation of a free society'
Blogger sites can now be blocked on a "per country" basis after a change to its web address system.

Google will now be able to block access in individual countries following a legal removal request.

The new system means blocking will not require restricting world-wide access to a blog.

The changes apply in Australia, New Zealand and India, but the BBC understands Google plans to roll it out globally.

The news follows Twitter's announcement that it could selectively block tweets on a country-by-country basis - news that attracted criticism from free speech campaigners.

However, Joss Wright, research fellow at the Oxford Internet Institute, said he felt the changes to Blogger were a positive step.

More at :-
http://www.bbc.co.uk/news/technology-16852920

--
mogs CClip 13
Member 2nd Feb, 2012 19:03
Mozilla Patches 8 Vulnerabilities with Firefox 10

As part of the latest iteration of its rapid release schedule, Mozilla released an update to patch eight vulnerabilities present in the Firefox browser. Since mid-2011 Mozilla has been releasing updates every six weeks and the latest Firefox 10 is its sixth release in that line.
Out of the 8 vulnerabilities that it fixes, 6 are rated as "critical", which is the company's highest threat rank, and two are considered as "high". One of the vulnerabilities, which has been cured via Firefox 10, exposed users to a cross-site scripting (XSS) attack as the browser fails to run a security scan on untrusted scripting objects, as stated by the company. The update also works on other bugs which force the browser to crash.

An accompanying advisory in Mozilla's official website stated that, "The fix enables the Script Security Manager (SSM) to force security checks on all frame scripts."
The company also claimed that Firefox 10 has a number of features important for developers. However, for the users there is one noticeable change which is the ability of the browser to mark automatically almost all the add-ons that are compatible with every upgrade.


Read more: http://www.itproportal.com/2012/02/02/mozilla-patc...

--
mogs CClip 14
Member 2nd Feb, 2012 20:46
Norton set to secure passwords through the cloud

The division of Symantec enables logins to multiple sites and devices with one secure master password.
By Jennifer Scott, 2 Feb 2012 at 09:45

Norton has announced the beta launch of Norton Identity Safe, which aims to use the cloud to secure multiple devices and logins.

Rather than having to carry a number of passwords for different websites, the beta sets up one master password and uses the cloud to enable it across multiple devices, be it an Android phone, iOS tablet or home PC.

Norton Identity Safe also includes Norton Safe Web, meaning in addition to the password tools, users get extra security protection on their mobile and home devices when accessing risky websites or by identifying dangerous URLs.

Research conducted by Norton claimed 38 per cent of respondents still wrote passwords down, with 45 per cent using the same login already across multiple sites. By utilising the cloud, the risk to users should be decreased, whilst still only having to remember one login.

Read more at :-
http://www.itpro.co.uk/638647/norton-set-to-secure...

--
mogs CClip 15
Member 2nd Feb, 2012 21:40
Verisign has been named as the latest company to suffer a targeted attack on its corporate systems.
A report from Reuters references filings the company issued with the US Securities and Exchange Commission (SEC) last year in reporting that the company's Reston, Virginia facility was breached in 2010 by attackers.
The breach is not believed to have resulted in a compromise of the DNS system. The company said that none of its servers connected to the platform were breached in the attack.
Verisign, which oversees administration of the .com, .gov and .net domains has long served as the primary guardian of the DNS platform, which connects web domain names with the corresponding IP addresses of their servers.
DNS security has been a concern in recent years, as Verisign and others have worked to roll out the DNSSec platform. The platform was extended into the .com domain in April of last year.
Prior to the development of DNSSec, researchers such as Dan Kaminsky had worried that the platform could be manipulated by criminals to redirect users from valid sites to phishing pages without their knowledge.

http://www.v3.co.uk/v3-uk/news/2143646/verisign-re...

--
mogs CClip 16
Member 3rd Feb, 2012 10:18
Last edited on 3rd Feb, 2012 10:22
Half of Fortune 500 firms infected with DNS Changer
Machines will be cut off from the Web next month, say experts

By Gregg Keizer
February 2, 2012 04:17 PM ET
Computerworld - Half of all Fortune 500 companies and major U.S. government agencies own computers infected with the "DNS Changer" malware that redirects users to fake websites and puts organizations at risk of information theft, a security company said today.

DNS Changer, which at its peak was installed on more than four million Windows PCs and Macs worldwide -- a quarter of them in the U.S. alone -- was the target of a major takedown organized by the U.S. Department of Justice last November.

The takedown and accompanying arrests of six Estonian men, dubbed "Operation Ghost Click," was the culmination of a two-year investigation, although some security researchers have been tracking the botnet since 2006. As part of the operation, the FBI seized control of more than 100 command-and-control (C&C) servers hosted at U.S. data centers.

According to Tacoma, Wash.-based Internet Identity (IID), which provides security services to enterprises, half of the firms in the Fortune 500, and a similar percentage of major U.S. government agencies, harbor one or more computers infected with DNS Changer.

Read more at :-
http://www.computerworld.com/s/article/9223941/Hal...

--
mogs CClip 17
Member 3rd Feb, 2012 10:24
Netfleet Hacked

The hackers may have accessed customers' names, e-mail addresses, mailing addresses, phone numbers and encrypted credit card numbers.

February 02, 2012
Australian domain reseller Netfleet was recently hacked.

"Netfleet bills itself as Australia's largest and most active domain name trading website operated by 'a small team of developers and domain enthusiasts,'" writes SC Magazine's Darren Pauli. "It admitted that hackers may have stolen customers' name, email and street addresses, phone numbers and encrypted credit card numbers with expiry dates."

"'Whilst we believe no sensitive data such as credit card information was accessed by the intruder, there is a possibility that this is indeed the case and as such we felt it our duty to inform you,' the company wrote in an email," Pauli writes.

Go to "Aussie domain reseller Netfleet hacked" to read the details

http://www.esecurityplanet.com/hackers/netfleet-ha...

--
mogs CClip 18
Member 3rd Feb, 2012 21:50

German gov't endorses Chrome as most secure browser
Federal security agency touts sandbox, silent update as features that keep citizens safer online
By Gregg Keizer | Computerworld US | 03 February 12

Germany's cyber security agency today recommended that Windows 7 users run Google's Chrome browser, citing the application's sandbox and auto-update features.

In a security best practices guideline, Germany's Federal Office for Information Security, known by its German initials of BSI, said Chrome was the best browser.

"Your internet browser is the key component for the use of services on the Web and thus represents the main target for cyber-attacks," said BSI in its published advice. "By using Google Chrome in conjunction with the other measures outlined above, you can significantly reduce the risk of a successful IT attack."

BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation.

"This [sandbox] protection is implemented most consistently in Chrome...[and] similar mechanisms in other browsers are currently either weaker or non-existent," explained BSI.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3335080/g...

--
mogs CClip 19
Member 3rd Feb, 2012 21:58

Microsoft team discovers malicious cookie-forwarding scheme
The scheme could clandestinely forward stolen session cookies to zombie machines in botnets that could use them to gain unauthorized access to websites

By Tim Greene | Network World

Microsoft researchers checking how easy it is to identify users by analyzing commonly collected Web-log data incidentally discovered a cookie-forwarding scheme that can be used to aid session hijacking.

If put into play, the scheme could clandestinely forward stolen session cookies to individual zombie machines in botnets that could use them to gain unauthorized access to websites, according to their research paper "Host Fingerprinting and Tracking on the Web: Privacy and Security Implications" (PDF).

Using data about hundreds of millions of devices that connected to Hotmail during August 2010, the researchers found a certain percentage that connected from more than one Internet AS (Autonomous System) -- a large collection of related IP addresses, usually under the control of a large organization like a service provider, corporation or university.

By tracking cookies that Hotmail issued to these devices, the researchers concluded that most of them were legitimate and were likely mobile or using VPNs, hence the changing location of their IP addresses.

But they also found a small group of cookies exhibiting abnormal behavior. A single IP address in Denmark was logging into a large number of Hotmail accounts. The Hotmail cookies sent to those users were then being reused to gain access from IP addresses in multiple ASs in the U.S., apparently having been shipped to those IP addresses via a covert channel, the researchers say.

Read more at :-
http://www.infoworld.com/d/security/microsoft-team...

--
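The pattern reported in the clip above (one IP address logging in to many accounts, with the issued cookies later reused from other ASs) can be written as a check over web logs. This is an added example, not part of the original post and not the researchers' own method; the log layout, the threshold, the function names and the sample lines are constructed assumptions.

```python
from collections import defaultdict

# Assumption: an IP that logs in to this many distinct accounts is a bulk source.
BULK_LOGIN_THRESHOLD = 3

# Constructed log lines: event account cookie_id client_ip origin_asn
# (documentation-range IPs and AS numbers; the field layout is hypothetical).
SAMPLE_LOG = """\
login alice c1 192.0.2.10 64496
use alice c1 198.51.100.7 64497
login u1 c2 203.0.113.5 64498
login u2 c3 203.0.113.5 64498
login u3 c4 203.0.113.5 64498
use u1 c2 198.51.100.20 64499
use u2 c3 198.51.100.99 64500
use u2 c3 198.51.100.150 64501
login bob c5 192.0.2.77 64496
use bob c5 192.0.2.77 64496
"""


def parse(log_text):
    """Yield (event, account, cookie, ip, asn) tuples from the text log."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event, account, cookie, ip, asn = line.split()
        yield event, account, cookie, ip, int(asn)


def find_forwarded_cookies(log_text, threshold=BULK_LOGIN_THRESHOLD):
    """Flag cookies issued to a bulk-login IP and later used from another AS."""
    records = list(parse(log_text))
    accounts_by_ip = defaultdict(set)   # login IP -> accounts it signed in to
    issued = {}                         # cookie -> (issuing IP, issuing ASN)
    for event, account, cookie, ip, asn in records:
        if event == "login":
            accounts_by_ip[ip].add(account)
            issued[cookie] = (ip, asn)

    foreign_asns = defaultdict(set)     # cookie -> ASNs other than the issuing one
    for event, account, cookie, ip, asn in records:
        if event == "use" and cookie in issued and asn != issued[cookie][1]:
            foreign_asns[cookie].add(asn)

    flagged = {}
    for cookie, asns in foreign_asns.items():
        issuing_ip = issued[cookie][0]
        # A roaming or VPN user also changes AS, but their login IP serves one
        # account; only cookies issued to a bulk-login IP are reported.
        if len(accounts_by_ip[issuing_ip]) >= threshold:
            flagged[cookie] = {
                "issued_to": issuing_ip,
                "reused_from_asns": sorted(asns),
            }
    return flagged


if __name__ == "__main__":
    for cookie, detail in sorted(find_forwarded_cookies(SAMPLE_LOG).items()):
        print(cookie, detail)
```

The roaming user's cookie (`c1`) changes AS but is not reported, which matches the clip's point that most multi-AS cookies were legitimate.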
mogs CClip 20
Member 3rd Feb, 2012 22:21
Oracle Patches Security Flaw Affecting Three Products

A remote user could exploit the vulnerability to affect a system's availability.

February 03, 2012
Oracle recently patched three of its products to address a vulnerability that could cause a denial of service.

"The out-of-band patches addressed denial-of-service vulnerabilities that were present in several Oracle products, the company said in a security alert issued Jan. 31," writes eWeek's Fahmida Y. Rashid. "A remote user would be able to exploit this vulnerability, CVE 2011-5035, and affect the system's availability, according to Oracle."

"The affected products are Oracle Application Server 10g Release 3 version 10.1.3.5.0, Oracle WebLogic Server versions 9.2.4, 10.0.2, 11gR1, 12cR1, and Oracle iPlanet Web Server 7.0 and Oracle Java System Web Server 6.1," Rashid writes. "The Oracle Containers for J2EE component in the Application Server was patched."

Go to "Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet" to read the details.

http://www.esecurityplanet.com/patches/oracle-patc...

--
mogs CClip 21
Member 3rd Feb, 2012 22:29


--
mogs CClip 22
Member 3rd Feb, 2012 23:16
Dev Channel Update
Thursday, February 2, 2012 | 17:55
Labels: Dev updates
The Dev channel has been updated to 18.0.1025.3 for Windows, Mac, Linux and Chrome Frame. This build contains following stability and bug fixes:
Fixed URL handling of settings page. [Issue: 111900]
Fixed crash when unpacking extension. [Issue: 112301]
Fixed the case where the utility process crashes after all plugins have been loaded. [Issue: 111935]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 23
Member 4th Feb, 2012 09:51


--
mogs CClip 24
Member 4th Feb, 2012 18:45


--
mogs CClip 25
Member 4th Feb, 2012 19:01
Facebook malware scam takes hold
A link to malware purporting to be CNN coverage of a US attack on Iran is reaching hundreds of thousands of Facebook users
By Cameron Scott | 03 February 12

A "worrying number" of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the U.S. has attacked Iran and Saudi Arabia, security firm Sophos said Friday.
If users who follow the link then click to play what purports to be video coverage of the attack, they are prompted to update their Adobe Flash player with a pop-up window that looks very much like the real thing. Those who accept the prompt unwittingly install malware on their computers.

Within three hours of the scam's appearance, more than 60,000 users had followed a link to the spoofed CNN page, according to Sophos Senior Security Advisor Chester Wisniewski. Facebook removed that link, but others are still being shared.

More at :-
http://www.pcadvisor.co.uk/news/security/3335087/f...

--
mogs CClip 26
Member 8th Feb, 2012 12:15
Dev Channel Update
| 18:03
Labels: Dev updates
The Dev channel has been updated to 18.0.1025.7 for Windows, Mac, Linux and Chrome Frame. This build contains following stability and bug fixes:

Users can now sync NTP icons to their profile and keep their order across different instances of chrome. [Issues: 111277, 100737, 61447]
Pointer Lock / Mouse Lock is implemented behind a flag (see about:flags). Mac only bug fix when closing a tab. [Issue: 111860]
Fixed stability crashes [Issue: 112590, 112116, 111968, 110909]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 27
Member 8th Feb, 2012 12:22
Adobe sets IE as next target in Flash security work
Releases beta of sandboxed Flash Player plug-in for Firefox, on to Microsoft's browser

By Gregg Keizer
February 7, 2012 03:36 PM ET
Computerworld - Adobe plans to tackle Microsoft's Internet Explorer (IE) in its ongoing work to "sandbox" its popular Flash Player within browsers, Adobe's head of security said today.

Yesterday, Adobe released a beta version of a sandboxed Flash Player plug-in for Mozilla's Firefox on Windows Vista and Windows 7 as a follow-up to a similar initiative in 2010 for Google's Chrome.

Next on the list: IE.

"IE has a big chunk of the user base," said Brad Arkin, senior director of security, products and services, in an interview Tuesday. "We want to do what protects the most users the fastest, so we're looking at how we can tackle sandboxing in IE."

Read more at :-
http://www.computerworld.com/s/article/9224047/Ado...

--
mogs CClip 28
Member 8th Feb, 2012 12:25


--
mogs CClip 29
Member 8th Feb, 2012 12:30


--
mogs CClip 30
Member 8th Feb, 2012 12:39
RealPlayer 15.02.71 Patches Critical Flaws

The update addresses seven remote code execution vulnerabilities.

February 07, 2012
Version 15.02.71 of RealPlayer was recently released to address seven highly critical remote code execution vulnerabilities.

"These include errors when processing RMFF Flags, VIDOBJ_START_CODE and RealAudio coded_frame_size, as well as RV10 Encoded Height/Width, RV20 Frame Size Array and RV40 content," The H Security reports.

"A remote code execution problem in Atrac Sample Decoding has also been fixed but is not found in the 15.x.x branch of the media player; this issue affects Mac RealPlayer 12.0.0.1701 but is reportedly not found in version 12.0.0.1703," the article states.

Go to "RealPlayer update closes critical holes" to read the details.

http://www.esecurityplanet.com/patches/realplayer-...

--
mogs CClip 31
Member 8th Feb, 2012 21:17

Google Chrome will no longer check for revoked SSL certificates online
Google has decided to drop OCSP revocation checks from Chrome because they are inefficient and slow

By Lucian Constantin
February 8, 2012 12:55 PM ET
IDG News Service - Google plans to remove online certificate revocation checks from future versions of Chrome because it considers the process inefficient and slow.

Browsers currently check if a website's SSL certificate has been revoked by its issuing Certificate Authority (CA) when trying to establish an HTTPS connection. These checks are done by querying CA-operated servers through a special protocol known as OCSP (Online Certificate Status Protocol).

The problem is that browsers can't always communicate with the validation servers because of various technical problems and when something like this happens, the HTTPS connections should not be established; at least in theory.

However, because these failures can have a serious usability impact, especially when CAs experience server downtime, browser vendors have decided to ignore revocation checks that result in network errors. This is referred to as a soft-fail.

"An attacker who can intercept HTTPS connections can also make online revocation checks appear to fail and so bypass the revocation checks," Google security engineer Adam Langley said in a blog post on Sunday.

"So soft-fail revocation checks are like a seatbelt that snaps when you crash," he said. "Even though it works 99% of the time, it's worthless because it only works when you don't need it."

This suggests that online certificate revocation checking doesn't add a lot of value to Web security in its current implementation. However, keeping it on comes at a significant cost -- browsing speed.

"The median time for a successful OCSP check is ~300ms and the mean is nearly a second," Langley said. "This delays page loading and discourages sites from using HTTPS."

After considering the drawbacks, Google decided to remove OCSP checks from future versions of Chrome and replace them with a local list of revoked certificates that can be updated without requiring a browser restart. Attackers could theoretically block the update process, but this will require more effort than blocking an OCSP revocation check, Langley said.

The security engineer invited CAs to voluntarily contribute their revoked certificates to the list by publishing them in a format and place that's accessible to Google's crawler.

Experts have raised serious questions about the security and reliability of the current SSL infrastructure during recent months, following security breaches at several CAs that resulted in rogue certificates being issued. Various proposals for improving or replacing the current system are being discussed.

http://www.computerworld.com/s/article/9224078/Goo...

--
mogs CClip 32
Member 8th Feb, 2012 21:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 33
Member 8th Feb, 2012 21:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Stable Channel Update
Wednesday, February 8, 2012 | 09:00
Labels: Stable updates
The Chrome team is excited to announce the release of Chrome 17 to the Stable Channel for Windows, Mac, Linux and Chrome Frame. 17.0.963.46 contains a number of new features including:
New Extensions APIs
Updated Omnibox Prerendering
Download Scanning Protection
Many other small changes
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

http://googlechromereleases.blogspot.com/

--
mogs CClip 34
Member 12th Feb, 2012 01:46
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 35
Member 12th Feb, 2012 01:51
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Microsoft to Release 9 Security Bulletins on February 14th
Next week, Microsoft will make available its February 2012 monthly security patches for the Windows platform and various other products on it.

In the Microsoft Security Bulletin Advance Notification for February 2012, that it made public on Thursday, Microsoft announced that there would be no less than nine bulletins included in the update.

Among them, we can count four bulletins rated Critical, along with five rated Important. Seven of these are meant to patch security holes that could allow Remote Code Execution, while two of them fix breaches that could allow Elevation of Privilege.

In the said Advance Notification for February 2012, Microsoft also notes that these security patches will fix issues in Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Silverlight, Microsoft Office and Microsoft Server Software.

Users who will apply the update should keep in mind that four of the patches will be applied only if the computer is restarted. The other five may require a restart as well.

The Redmond-based software giant will offer specific info on these security patches on February 14th, when it releases the February bulletin summary.

In addition to these patches, Microsoft will deliver a new version of its Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

http://news.softpedia.com/news/Microsoft-to-Releas...

--
mogs CClip 36
Member 12th Feb, 2012 01:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Firefox 10.0.1 Available for Download

There have been talks about releasing a new version of Firefox this week. This chemspill release should not be too surprising since Firefox 8 and 9 already built up a pattern in this sense.

The purpose of Firefox 10.0.1 is to fix two top issues that could not wait until the launch of the future major version. One of them is a top startup crash and the other refers to Java applets causing text fields to hang.

The effects of the latter are visible when interacting with an embedded Java applet, which causes all text spaces to become unusable. Minimizing Firefox or resizing is the workaround, unless updating to Firefox 10.0.1.

Developers are also looking to block AVG Safe Search versions causing broken location bar behavior.

Currently, there is also an issue with the add-on manager but more details are to be uncovered. Also, this problem seems manageable through the release of a hotfix.

http://news.softpedia.com/news/Firefox-10-0-1-Avai...


--
mogs CClip 37
Member 12th Feb, 2012 02:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google says that both its Web and Chromium security reward programs were a big success

By Lucian Constantin | IDG News Service

Encouraged by the success of its Web and Chromium vulnerability reward programs, Google has decided to expand their scope in order to cover security issues in Chromium OS as well.

"By all available measures, the program has been a big success," said Google Security Team technical program manager Adam Mein about the company's Web vulnerability reward program, in a blog post on Thursday.

Since its launch in November 2010, the program has generated reports about 1,100 legitimate security issues that affected hundreds of Google's Web applications and services.

Google paid a total of $410,000 to more than 200 researchers for reporting 730 vulnerabilities that qualified for rewards. However, this is most likely just a fraction of what the company would have needed to pay in order to find the same number of vulnerabilities via professional security audits.

"Google has gotten better and stronger as a result of this work," Mein said. "We get more bug reports, which means we get more bug fixes, which means a safer experience for our users."

The company's other security reward program, which pays researchers for finding vulnerabilities in the Chromium open source browser -- the basis for Google Chrome -- has also been a big success, according to Google security engineer Chris Evans.

More at :-
http://www.infoworld.com/d/applications/google-exp...

--
mogs CClip 38
Member 12th Feb, 2012 17:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The CEOP browser provides easy one click lists for child protection advice

To mark yesterday's Safer Internet Day, Microsoft and the Child Exploitation and Online Protection Centre (CEOP) have released a new customised version of the Internet Explorer 9 (IE9) browser.

The update to CEOP's 2010 customised version of IE8 includes one-click access for Windows 7 users to both CEOP's homepage and the police agency's ThinkuKnow child safety website. Also included are menus offering direct links to relevant advice by category on both sites.

So for children the ThinkuKnow list contains information and advice by age group and the CEOP list offers parents valuable information on how to control their family's internet usage.

The customised browser also gives people instant access to CEOP if they wish to report suspicions or concerns they may have about online content or chat.


Read more: http://www.computeractive.co.uk/ca/news/2144907/ce...


--
mogs CClip 39
Member 13th Feb, 2012 11:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

TicketWeb hit by a security breach

Hackers sent emails with malicious links to customers

By Carrie-Ann Skinner | PC Advisor | 13 February 12

UK ticketing site TicketWeb has suffered a security breach which saw emails containing malicious links sent to its customers.

On Saturday February 11, customers of the ticketing site reported receiving up to four emails all with the subject 'Action Required: Update Your PDF Application'. The email claimed the recipient's version of Adobe Reader was out of date and offered a link where they could download the new version. However, the link in fact led to a malicious site that would have infected a PC had it been clicked.

More at :-
http://www.pcadvisor.co.uk/news/security/3336851/t...

--
mogs CClip 40
Member 13th Feb, 2012 11:28
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 41
Member 13th Feb, 2012 15:32
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 42
Member 13th Feb, 2012 21:03
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla commits to Metro version of Firefox on Windows 8
First Microsoft browser rival to publicly stake out new app territory
Computerworld - Mozilla said yesterday that it will build a "proof-of-concept" version of Firefox for Windows 8's Metro touch-first interface next quarter, then follow that with more functional editions later in the year.

The company is the first of Microsoft's browser rivals to publicly commit to a Metro edition. Microsoft has said it will ship both Metro and traditional desktop versions of Internet Explorer 10 (IE10) with Windows 8 and Windows on ARM (WOA), the new OS targeting tablets and other low-powered devices.

Metro is Microsoft's label for the touch-enabled interface at the center of both Windows 8 and WOA. Windows 8 will run Metro and traditional 32- and 64-bit Windows applications, but WOA will run only those third-party apps designed for Metro.

In an update to its 2012 roadmap published Sunday, Mozilla said that it would craft a "technology proof of concept" of Firefox on Metro as a first step. "This is not [an] alpha or a beta, but should demonstrate the feasibility of Firefox in Windows 8 Metro," Asa Dotzler, the product director of Firefox, wrote in a roadmap overview.

Read more at :-
http://www.computerworld.com/s/article/9224219/Moz...

--
mogs CClip 43
Member 13th Feb, 2012 21:10
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Terrific software and support ... for criminal botnet builders
Shadowy vendor of botnet construction kits based on Citadel Trojan provides platform with customer service that commercial software companies could learn from

By Woody Leonhard | InfoWorld


There's a new development platform on the market, and it boasts outstanding developer support.

The platform's all open source. There's a built-in developer message board, with threaded conversations and social networking features. The manufacturer not only responds to bug reports and feature suggestions, it assigns tracking numbers and, in the spirit of open source, accepts solutions both from the company's developers and from customers. The manufacturer puts new features up for a vote, implementing the ones that most developers want. The board's active, the manufacturer's responsive, and the product's reasonably stable and by all accounts quite profitable. There's even a user's manual, release notes, and a license agreement, all in Russian.

Welcome to Citadel. Botnet construction kits done right. SaaS techniques in the underground.

More at :-
http://www.infoworld.com/t/cyber-crime/terrific-so...

--
mogs CClip 44
Member 13th Feb, 2012 21:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Police warn of money-stealing computer virus
Malicious software impersonates the Metropolitan Police e-crime Unit (PCeU)
By Anh Nguyen | Computerworld UK | 13 February 12

The Metropolitan Police is warning the public to be aware of a computer virus that impersonates its e-crime unit in an effort to steal money from unsuspecting users.

The malicious software infects people's computers after users access certain websites. The police did not name specific sites, and only said that "various websites" were affected.

Once infected, the virus freezes and locks the PC, and a message (pictured) claiming to be from the Metropolitan Police Central e-crime Unit (PCeU) accuses the user of accessing pornographic websites and tells them that they have to pay a fine to unlock their computer.

"This is a fraud and users are advised not to pay out any monies or hand out any bank details.

"Genuine law enforcement agencies would never contact members of the public via this method and demand funds in this way," the police said.

More at :-
http://www.pcadvisor.co.uk/news/security/3337152/p...

--
mogs CClip 45
Member 13th Feb, 2012 22:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 46
Member 14th Feb, 2012 10:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Symantec Warns of Microsoft Office Trojan

The exploit is being delivered in an e-mail containing a Microsoft Word document along with a .dll file.

February 13, 2012
Symantec researchers have uncovered a Trojan that targets a previously patched Microsoft Office security flaw.

"The exploit, which is being used in targeted attacks, arrives as an email that contains a Microsoft Word file and a separate DLL file, a rare combination considering DLL files are not typically sent over email," writes SC Magazine's Dan Kaplan.

"The trojan, dubbed 'Activehijack' by Symantec, takes advantage of a vulnerability rated 'important' that was patched by Microsoft in September with bulletin MS11-073," Kaplan writes.

Go to "Trojan appears that leverages patched Microsoft Office flaw" to read the details.

http://www.esecurityplanet.com/windows-security/sy...

--
mogs CClip 47
Member 14th Feb, 2012 10:38
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 48
Member 14th Feb, 2012 12:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 49
Member 14th Feb, 2012 13:14
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google is right that digital certificate revocation checking is broken, but wrong to abandon the standard

By Roger A. Grimes | InfoWorld

I'm still trying to wrap my head around Google's surprising revelation (in Google engineer Adam Langley's blog) that it will disable online certificate revocation checking in a future version of the Chrome browser. Standard across all the leading browsers, online revocation checking is the process of conducting a verification query of a certificate authority when presented with a new digital certificate tied to a particular website. Although the certificate revocation process is currently broken, as I'll explain below, Google's Chrome-only fix is problematic in a number of ways. And a much simpler fix -- for Chrome and every other browser -- is plain for all to see.

When your browser connects to an HTTPS-protected website, it will examine the digital certificate the site presents, locate the revocation link pointer embedded in the digital certificate (if it exists), then query the indicated certificate authority to determine whether the certificate has been revoked by the issuer. Common reasons for revocation include a compromise of the certificate owner's private key or just periodic certificate replacement, but a certificate can be revoked for any reason the issuer chooses. I've seen certificates revoked because the owner didn't pay the issuer in a timely manner.

Lots more to read at :-
http://www.infoworld.com/d/security/chrome-turns-i...

--
Was this reply relevant?
+0
-0
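Added example, not part of the posts above or of the quoted articles: a small Python simulation of the lookup sequence described in CClip 49 (find the revocation pointer in the certificate, query the CA) under the soft-fail behaviour Adam Langley criticises in CClip 31, next to hard-fail and a locally pushed revocation list. The host, serial numbers, responder URL and all function names are constructed for illustration; no real OCSP traffic is generated.

```python
from dataclasses import dataclass
from typing import Optional

ACCEPT, REJECT = "accept", "reject"


class ResponderUnreachable(Exception):
    """The OCSP query got no answer (CA downtime or a blocked connection)."""


@dataclass(frozen=True)
class Cert:
    host: str
    serial: str
    ocsp_url: Optional[str]  # revocation pointer embedded in the certificate, if any


class Network:
    """Path from the browser to CA responders; blocked=True drops every OCSP query."""

    def __init__(self, revoked_by_responder, blocked=False):
        self.revoked_by_responder = revoked_by_responder  # url -> set of revoked serials
        self.blocked = blocked

    def ocsp_is_revoked(self, url, serial):
        if self.blocked or url not in self.revoked_by_responder:
            raise ResponderUnreachable(url)
        return serial in self.revoked_by_responder[url]


def online_check(cert, net, hard_fail):
    """Online revocation check; hard_fail decides what an unanswered query means."""
    if cert.ocsp_url is None:
        return ACCEPT  # no pointer in the certificate, so there is nothing to query
    try:
        revoked = net.ocsp_is_revoked(cert.ocsp_url, cert.serial)
    except ResponderUnreachable:
        # Soft-fail treats "no answer" as "not revoked"; hard-fail refuses to connect.
        return REJECT if hard_fail else ACCEPT
    return REJECT if revoked else ACCEPT


def local_list_check(cert, pushed_list):
    """Check against a list delivered ahead of time; no query at connection time."""
    return REJECT if cert.serial in pushed_list else ACCEPT


def run_scenarios():
    """Return {(policy, ocsp_blocked, cert_label): verdict} for constructed inputs."""
    ca = "http://ocsp.ca.example"        # constructed responder URL
    revoked_serials = {"0xBAD1"}         # constructed serial numbers
    certs = {
        "good": Cert("shop.example", "0x600D", ca),
        "revoked": Cert("shop.example", "0xBAD1", ca),
    }
    stale_list = frozenset()             # list whose update never arrived
    results = {}
    for blocked in (False, True):
        net = Network({ca: revoked_serials}, blocked=blocked)
        for label, cert in certs.items():
            results[("soft-fail", blocked, label)] = online_check(cert, net, hard_fail=False)
            results[("hard-fail", blocked, label)] = online_check(cert, net, hard_fail=True)
            results[("local-list", blocked, label)] = local_list_check(cert, revoked_serials)
            results[("local-list-stale", blocked, label)] = local_list_check(cert, stale_list)
    return results


if __name__ == "__main__":
    for (policy_name, blocked, label), verdict in sorted(run_scenarios().items()):
        print(f"{policy_name:17} ocsp_blocked={blocked!s:5} cert={label:8} -> {verdict}")
```

The rows to compare are the ones with `ocsp_blocked=True`: soft-fail accepts the revoked certificate, hard-fail rejects the good one as well, and the local list only helps if its update actually arrived.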
mogs CClip 50
Member 14th Feb, 2012 16:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 51
Member 14th Feb, 2012 16:53
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 52
Member 14th Feb, 2012 17:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Cryptome whistleblower site reports hack
Someone has compromised the free-speech, anti-surveillance repository Cryptome.org and hidden malware on the site that infected web surfers over the weekend, Cryptome.org reported.

A malicious PHP file was added to the site on Wednesday and a new directory was created that logged nearly 3,000 IP addresses between Wednesday and Sunday, according to a post on the site on Monday.

The Cryptome post said thousands of HTML files in the site's main directory were found to be contaminated with a malicious script that appeared to download exploits from the Blackhole Toolkit "that may compromise a computer through various vendor vulnerabilities", according to a Symantec description of the attack. This affects Windows platforms, Symantec says. Symantec had offered to investigate the hack, Cryptome.org added.

Meanwhile, Cryptome.org's post said the site was expected to be cleaned up by the end of Monday.

http://www.zdnet.co.uk/news/security-threats/2012/...

--
mogs CClip 53
Member 14th Feb, 2012 18:36
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 54
Member 14th Feb, 2012 21:34
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 55
Member 15th Feb, 2012 08:44
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 56
Member 15th Feb, 2012 09:05
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Mozilla outlines Firefox roadmap for 2012

Needs more than just quickfire releases
By Lawrence Latif
Tue Feb 14 2012, 17:39
OPEN SOURCE software outfit Mozilla has outlined its Firefox roadmap for 2012 by saying in effect that it wants to catch up with Google's Chrome.
Mozilla's Firefox web browser was once the answer for those who wanted to get away from Microsoft's shoddy and languishing Internet Explorer web browser. In the last two years however, Google's Chrome has seemingly come from nowhere to steal some of Firefox's thunder and it seems Mozilla wants to regain its position as the top web browser by implementing features that are already in Chrome.
In Mozilla's roadmap the outfit said Firefox for the desktop will have features such as synchronising add-ons and silent update, both features present in Chrome. Perhaps recognising the competition, Mozilla will even offer migration for Chrome users moving to Firefox.
Apart from trying to compete directly with Chrome, Mozilla aims to improve add-on compatibility and developer tools, speed up session restore and produce a 'proof of concept' for the Windows 8 Metro interface.

More to read at :-
http://www.theinquirer.net/inquirer/news/2152463/m...

--
mogs CClip 57
Member 15th Feb, 2012 10:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Dev Channel Update
Tuesday, February 14, 2012 | 17:16
Labels: Dev updates
The Dev channel has been updated to 19.0.1041.0 for Windows, Mac, Linux and Chrome Frame. This build contains the following stability and bug fixes:

Make speech input bubble borders close with the bubble [Issue: 112194]
Fixed stability issues [Issues: 113531, 113492, 113654, 113546, 113847, 114011]

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome


--
mogs CClip 58
Member 15th Feb, 2012 11:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
STRATFOR Customers Targeted with Malware

E-mails warning of malicious attachments include a link that delivers a variant of the ZBot Trojan.

Microsoft is warning that customers of STRATFOR are still being targeted by malicious spam.

"The messages themselves, ironically enough, are warnings that advise those impacted by the breach to avoid these exact types of scams," writes The Tech Herald's Steve Ragan. "The messages arrive with a PDF attachment, named simply 'stratfor.pdf.' Once opened, the PDF displays a letter discouraging the reader from opening emails and attachments from 'doubtful senders' and encourages them to 'check all e-mails and attachments with antivirus.'"

"The message is mostly harmless at this point, aside from the link to download the anti-virus software," Ragan writes. "The link itself points to either a server in Turkey or Poland, and serves a variant of the ZBot Trojan, which will siphon off personal information including passwords and financial details."

Go to "Stratfor customers plagued by malicious emails" to read the details.

http://www.esecurityplanet.com/malware/stratfor-cu...

--
mogs CClip 59
Member 15th Feb, 2012 11:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 15th Feb, 2012 21:15
Adobe Patches Critical Shockwave Vulnerabilities

The flaws affect Adobe Shockwave Player 11.6.3.633 and earlier, for both Mac and Windows.

Adobe has released a Shockwave Player update that patches at least nine critical security flaws.

"According to an advisory from Adobe, the flaws affect Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems," writes ZDNet's Ryan Naraine.

"'These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634,' the company said," Naraine writes.

Go to "Adobe plugs critical holes in Shockwave Player" to read the details.

http://www.esecurityplanet.com/patches/adobe-patch...

--
mogs CClip 60
Member 15th Feb, 2012 21:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Mozilla to ask certificate authorities to revoke SSL-spying certificates
Mozilla's planned grace period for man-in-the-middle sub-CA certificate revocations could pose issues

By Lucian Constantin

IDG News Service - Mozilla plans to ask all certificate authorities to review their subordinate CA certificates and revoke those that could be used by companies to inspect SSL-encrypted traffic for domain names they don't control.

The plan, whose details are still being worked out, is Mozilla's response to Trustwave's recent claim that the use of such certificates for SSL (Secure Sockets Layer) traffic management within corporate networks is a common practice.

After a week of debating whether to punish Trustwave for violating its CA Certificate Policy, Mozilla has decided to send a communication to all certificate authorities asking that they come clean about similar certificates and to revoke them.

"My intent is to make it clear that this type of behavior will not be tolerated for subCAs chaining to roots in NSS [Mozilla's Network Security Services], give all CAs fair warning and a grace period, and state the consequences if such behavior is found after that grace period," said Kathleen Wilson, the owner of Mozilla's CA Certificates Module, in an entry on Bugzilla.

More at :-
http://www.computerworld.com/s/article/9224249/Moz...

--
mogs CClip 61
Member 15th Feb, 2012 21:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Chrome Stable Update
Wednesday, February 15, 2012 | 12:00
Labels: Stable updates
The Chrome Stable channel has been updated to 17.0.963.56 on Windows, Mac, Linux and Chrome Frame. This release fixes a number of stability and security issues in Chrome, and also includes a new version of Flash. More info on the Flash update is available from Adobe.

Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

http://googlechromereleases.blogspot.com/

--
mogs CClip 62
Member 15th Feb, 2012 21:30
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 63
Member 15th Feb, 2012 21:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
New Trojan Using Microsoft Office Exploit Found in the Wild

Written by Ravi Mandalia
15 February, 2012

Symantec has detected a Trojan which targets an already patched Microsoft Office security flaw. This Trojan is delivered via an e-mail which contains a Microsoft Word document and a .dll (Dynamic Link Library) file.

The moment a user opens the email that user's system would be infected with the Trojan. In an official Symantec blog, Takayoshi Nakayama, a researcher at Symantec, stated that the exploiter has utilised an ActiveX control that has been embedded in the Word document and further stated "When the Word document is opened, the ActiveX control calls fputlsat.dll which has the identical file name as the legitimate .dll file used for the Microsoft Office FrontPage Client Utility Library."


According to the researcher, once the flaw is exploited successfully by the attacker, malware is dropped onto the system. The researcher has warned that anyone receiving an email with an attachment containing 'fputlsat.dll' should be extra careful.



Read more: http://www.itproportal.com/2012/02/15/new-trojan-u...

--
Was this reply relevant?
+0
-0
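Added example, not part of the posts above or of the quoted articles: a mail-gateway style triage check for the attachment pattern reported in CClip 46 and CClip 63 (a Word document arriving together with a .dll, in particular one named fputlsat.dll). The verdict labels, the list of Word extensions, the look inside .zip attachments and the sample messages are assumptions constructed for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

NAMED_DLL = "fputlsat.dll"      # file name reported in the article
WORD_EXTS = (".doc", ".docx")   # assumption: extensions treated as Word documents


def _basename(name):
    """Lower-cased file name without any directory part (either slash style)."""
    return name.replace("\\", "/").rsplit("/", 1)[-1].lower()


def attachment_names(msg):
    """Names of all attachments, including the members of any .zip attachment."""
    names = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        names.append(_basename(fname))
        if fname.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    names.extend(_basename(n) for n in zf.namelist())
            except zipfile.BadZipFile:
                pass  # unreadable archive: nothing more to list
    return names


def triage(raw_bytes):
    """Return 'block', 'quarantine' or 'deliver' (hypothetical verdict labels)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    names = attachment_names(msg)
    dlls = [n for n in names if n.endswith(".dll")]
    has_word = any(n.endswith(WORD_EXTS) for n in names)
    if NAMED_DLL in dlls:
        return "block"          # the exact file name from the report
    if has_word and dlls:
        return "quarantine"     # Word document plus any DLL: the "rare combination"
    return "deliver"


def build_sample(attachments):
    """Constructed test message; attachments is a list of (filename, bytes)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def zip_of(members):
    """Constructed in-memory zip; members is a list of (name, bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members:
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "doc + fputlsat.dll": [("invoice.doc", b"x"), ("fputlsat.dll", b"x")],
        "docx + other dll": [("report.docx", b"x"), ("helper.dll", b"x")],
        "doc only": [("notes.doc", b"x")],
        "zip with both": [("bundle.zip", zip_of([("a/readme.doc", b"x"),
                                                 ("a/FPUTLSAT.DLL", b"x")]))],
    }
    for label, attachments in samples.items():
        print(f"{label:20} -> {triage(build_sample(attachments))}")
```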
mogs CClip 64
Member 15th Feb, 2012 21:42
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 65
Member 16th Feb, 2012 09:29
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Royal Philips Electronics Hit by Security Breach

The compromised server was shut down within an hour after employees discovered the breach.

February 15, 2012
Royal Philips Electronics has reported that it experienced a "possible security event" affecting part of its Web site on Monday.

"The compromised server was shut down within an hour of Philips employees discovering the breach, the company said," writes PCWorld's Grant Gross.

"'We are currently assessing the nature and extent of information that may have been accessed and a full investigation is in place,' the company said in a statement," Gross writes.

Go to "Royal Philips Electronics Reports Web Security Breach" to read the details.

http://www.esecurityplanet.com/network-security/ro...

--
mogs CClip 66
Member 16th Feb, 2012 15:55
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Last edited on 16th Feb, 2012 16:00
Beta Channel Update
Wednesday, February 15, 2012 | 17:18
Labels: Beta updates
The Beta channel has been updated to 18.0.1025.33 for (All|Windows|Mac|Linux|ChromeFrame) platforms

All
Updated V8 - 3.8.9.6
Fixed several crashes (Issues: 110943, 110234, 110176, 108986)
Sync: Conflicting sync entries should not be committed (Issue: 82236)
Back button frequently hangs (Issue: 93427)
Fixed Speech input bubble borders don't closing (Issues: 98323, 112194)
Improved the quality of the omnibox
Mac
Fixed Gap between download shelf and vertical scrollbar (Issue: 111266)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 67
Member 16th Feb, 2012 16:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 68
Member 16th Feb, 2012 16:09
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 69
Member 16th Feb, 2012 16:12
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 70
Member 16th Feb, 2012 16:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 71
Member 17th Feb, 2012 09:16
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 72
Member 17th Feb, 2012 11:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Salesforce's Vivek Kundra argues that more information needs to be shared about cyber threats worldwide
By Hamish Barwick | Computerworld Australia | 17 February 12

The formation of a global cyber security group similar to the World Health Organisation (WHO) is required in order to share vital information, according to former United States Federal Government chief information officer, Vivek Kundra.

Speaking at the Australian Information Industry Association (AIIA) Summit in Canberra, Kundra, who is now executive vice-president of emerging markets for Salesforce.com, said the proposal came as a result of trying to securely manage 2094 data centres during his CIO tenure at the White House.

"In the context of federal [government] systems, we realised that with 2094 data centres we were not very secure," Kundra said. "The fragmented infrastructure and uneven talent distribution in terms of managing those data centres was creating vulnerabilities."

Another problem Kundra faced was US government officials sometimes believing that because they owned and operated the system, they were more secure. "If you think about national security, our [US] command and control infrastructures have been under attack since the days of the Pony Express," he said.

More to read at :-
http://www.pcadvisor.co.uk/news/security/3338231/w...

--
mogs CClip 73
Member 17th Feb, 2012 12:21


--
mogs CClip 74
Member 17th Feb, 2012 15:46

RSA brushes off crypto research findings that RSA algorithm is flawed
RSA says researchers' results don't indicate a fundamental flaw in the RSA algorithm but more likely a problem with implementing it

By Ellen Messmer | Network World


After having its flagship RSA crypto system called flawed this week by prominent researchers in a paper they made available online, EMC's RSA security division struck back by saying the paper's results don't indicate a fundamental flaw in the RSA algorithm but more likely a problem with implementing it.

"On Feb. 14th, a research paper was submitted for publication stating that an alleged flaw has been found in the RSA encryption algorithm," RSA said Thursday in a statement. "Our analysis confirms to us that the data does not point to a flaw in the algorithm, but instead points to the importance of proper implementation, especially regarding the exploding number of embedded devices that are connected to the Internet today."

Ari Juels, chief scientist for RSA, told Network World that "the study is useful" as it pertains to the "failures of crypto protocols during random-number generation." But he faults its core idea that the RSA algorithm is somehow fundamentally flawed.

More at :-
http://www.infoworld.com/d/security/rsa-brushes-cr...

--
mogs CClip 75
Member 17th Feb, 2012 15:53


--
mogs CClip 76
Member 17th Feb, 2012 19:52

Microsoft collects measurements to speed up Internet Explorer

Could save time by downloading Chrome or Firefox

SOFTWARE REDEVELOPER Microsoft is taking 5.7 million measurements a day to help it make Internet Explorer the fastest web browser on the market.
Microsoft had been panned for its years of neglect of the Internet Explorer web browser and letting it become a security nightmare. In an attempt to show how seriously it takes Internet Explorer development today, Microsoft said it is running round-the-clock tests in its Internet Explorer Performance Lab as it rather belatedly tries to make its browser the fastest on the market.
For Microsoft, Internet Explorer is one of the firm's major consumer facing applications and with rival outfits Google and Mozilla promoting faster web browsing, Microsoft knows it can't be left behind again. The firm claims to measure Internet Explorer's performance loading content and web applications through pseudo real-world testing down to the nanosecond level.
Microsoft's Internet Explorer Performance Lab uses over 120 machines of varying hardware specifications to try to resolve Internet Explorer's performance issues. Curiously Microsoft decided not to connect these machines to the internet but to its own managed network, where it tries to simulate different connections, effectively creating a little version of the internet.
There's little doubt Microsoft is taking Internet Explorer performance seriously. Its considerable resources should mean it can outspend some of its rivals, however with Mozilla's Firefox and Google's Chrome eating up Internet Explorer's market share, all this testing is perhaps five years too late.

http://www.theinquirer.net/inquirer/news/2153328/m...

--
mogs CClip 77
Member 17th Feb, 2012 19:57


--
mogs CClip 78
Member 17th Feb, 2012 22:45
From earlier in the week...........more info :-
Microsoft Mistakenly Claims Google Home Page Infected With Blackhole


Microsoft quickly updated its security tools after users reported seeing warnings that Google's home page was infected with the Blackhole exploit kit.

Microsoft's Forefront corporate security products and the consumer-focused Security Essentials anti-malware software were updated Feb. 14, shortly after the company announced nine bulletins for its scheduled Patch Tuesday release. Corporate users trying to access Google's home page through the Forefront TMG proxy were warned that the search page was infected, Manuel Humberto Santander Pelaez wrote on the SANS Institute's Internet Storm Center Diary.

"Access to the requested file is blocked due to a detected infection," the message said, before identifying the infection as Exploit:JS/Blacole.BW.

Pelaez analyzed the packets and was unable to find anything wrong. Security writer Brian Krebs saw a similar warning on a Windows XP machine running Microsoft Security Essentials. Microsoft's Technet support forums were full of questions from concerned users and administrators.

"For whatever reason, Microsoft's security software thought Google's home page was infected with a Blackhole Exploit Kit," Krebs wrote.

The Blackhole exploit kit is a popular attack kit used to compromise legitimate Websites and direct users to malicious portals that download more malware, steal data or perform other nefarious acts. The kit is regularly updated with new exploits and can be used to launch attacks targeting vulnerabilities in Java, Adobe and Microsoft products.

Leak repository Cryptome disclosed it had recently been infected with Blackhole and may have redirected about 2,900 visitors to malicious sites. The kit was the source of about 95 percent of all malicious links identified by M86 researchers between July and December 2011.

False positives happen with security products, and Microsoft was able to push out a new update within four hours to fix the problem.

"Microsoft AV team is removing the detection from Signature. 1.119.1986.0 or higher will contain this change," Microsoft Support said.

As false positives go, this was a minor one, as the security tool did not try to remove or modify files in order to clean up the perceived threat. If the user clicked on the "remove" option to clean the infection, the software reported that it was unable to find the threat, according to Krebs.

Interestingly enough, it appears that the false positive was detected when users landed on the Google home page using the Internet Explorer Web browser or actually performed a search using Mozilla Firefox. Google Chrome or Safari users did not appear to have seen the warning. Some users on Technet reported seeing warnings on any site using Google Adwords or Google Analytics.

http://securitywatch.eweek.com/microsoft/microsoft...

--
mogs CClip 79
Member 18th Feb, 2012 21:34

The lowdown on Google's Safari tracking cookies
By Brad Reed
February 17, 2012
Network World - A grad student has caught Google with its hand in the cookies jar.

Jonathan Mayer, a graduate student at Stanford, caused a major stir this morning when he published research showing how Google used loopholes within Apple's Safari browser cookie-blocking policy to place unexpected third-party cookies within the browser. In this article we'll detail Mayer's findings and their implications for Safari users.

What are cookies and why should I care?

For the uninitiated, cookies are HTTP headers that are used by websites to track users' behavior when visiting their sites. Some cookies, however, are not used by first-party websites that the user is visiting but by third-party websites such as advertisers who happen to have links embedded onto the website the user is visiting. Apple's cookie-blocking technology is intended to block the cookies employed by these third-party sites so that users don't find themselves tracked by every single advertiser they come across on the Web. What's more, Apple enables cookie blocking on its Safari browser as a default setting, meaning that Safari users have typically felt comfortable browsing the Web without fear of being tracked by third-party cookies.

So what has Google done to circumvent Safari's protections?

Read more at :-
http://www.computerworld.com/s/article/9224376/The...

--
mogs CClip 80
Member 18th Feb, 2012 21:43
FBI to Take Out Internet on March 8?

Written by
Ravi Mandalia

18 February, 2012

The Federal Bureau of Investigation is reportedly planning to temporarily shut down a number of domain name servers on the coming March 8, thus restricting web access to millions of computers worldwide.

Apparently, the action will be taken by the FBI to engage and nullify a threat named DNSChanger Trojan, known for its ability to alter the DNS settings in the victims' computers, and thus forcing them to visit certain unsavoury sites.

DNSChanger Trojan was allegedly designed and unleashed in the webspace by six Estonian nationals who were later apprehended by the country's authorities last year. The malware spread rather quickly and infected computer systems in over 100 countries.

According to reports, half a million computers have already been infected by the malware in the US alone, thus forcing the FBI to take this decisive step in order to tackle the issue once and for all.



Read more: http://www.itproportal.com/2012/02/18/fbi-to-take-...

--
mogs CClip 81
Member 18th Feb, 2012 21:53


--
mogs CClip 82
Member 20th Feb, 2012 10:45
Truth About the March 8 Internet Doomsday
While it's true some users may lose their Internet access next month, it's not the FBI's fault
By Christina DesMarais | PC World | 20 February 12

Heard the one about the FBI shutting down the Internet next month?

Like many memes before it, this dire warning is floating around blogs and sites. It even names a date: March 8 as the day the FBI might "shut down the Internet." But relax, that's not really the case.

While yes, an untold number of people may lose their Internet connection in less than three weeks, if they do they only have nefarious web criminals to blame and certainly not the FBI.

If people end up in the dark on March 8 it's because they're still infected with the malware the FBI started warning people about last November when it shut down a long-standing Estonian Web traffic hijacking operation that controlled people's computers using a family of DNSChanger viruses. The malware works by replacing the DNS (Domain Name System) servers defined on a victim's computer with fraudulent servers operated by the criminals. As a result, visitors are unknowingly redirected to websites that distributed fraudulent software or displayed ads that put money into the bad guys' pockets.

More at :-
http://www.pcadvisor.co.uk/news/security/3338622/t...

--
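An added example, not part of the thread or the quoted articles, covering the DNSChanger posts above (CClip 80 and 82): because the malware works by replacing the DNS servers defined on a machine, a defender can audit the configured resolvers against known-bad ranges and an expected list. The ranges in `ROGUE_RANGES` are documentation-space placeholders rather than real indicators, and the expected resolvers, sample inputs and function names are constructed for illustration.

```python
import ipaddress
import re

# Placeholder ranges from documentation address space (RFC 5737 / RFC 3849).
# They are NOT real indicators: substitute the ranges from an official advisory.
ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/25", "2001:db8:bad::/48"]
# Resolvers this (hypothetical) network is supposed to hand out.
EXPECTED_RESOLVERS = ["10.0.0.53", "10.0.1.53"]

# Constructed sample inputs, not captured from a real machine.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.10   # falls inside a placeholder rogue range
nameserver 10.0.0.53
nameserver 203.0.113.9
"""
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       10.0.1.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _to_ip(token):
    """Return an ip_address for token (scope id stripped), or None."""
    try:
        return ipaddress.ip_address(token.split("%", 1)[0].strip())
    except ValueError:
        return None


def parse_resolv_conf(text):
    """Extract resolver IPs from resolv.conf-style text, ignoring comments."""
    found = []
    for line in text.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            ip = _to_ip(fields[1])
            if ip is not None:
                found.append(ip)
    return found


def parse_ipconfig(text):
    """Extract resolver IPs from `ipconfig /all`-style text.

    The first server follows the "DNS Servers" label; further servers sit on
    continuation lines that contain only an address.
    """
    found, in_dns = [], False
    for line in text.splitlines():
        match = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if match:
            in_dns, candidate = True, match.group(1)
        elif in_dns:
            candidate = line.strip()
        else:
            continue
        ip = _to_ip(candidate)
        if ip is None:
            in_dns = False      # next labelled field ends the DNS list
        else:
            found.append(ip)
    return found


def audit_resolvers(resolvers, rogue_ranges=ROGUE_RANGES,
                    expected=EXPECTED_RESOLVERS):
    """Classify each resolver as ROGUE, ok, or unexpected."""
    nets = [ipaddress.ip_network(r) for r in rogue_ranges]
    allowed = {ipaddress.ip_address(e) for e in expected}
    report = []
    for ip in resolvers:
        if any(ip.version == net.version and ip in net for net in nets):
            verdict = "ROGUE"
        elif ip in allowed:
            verdict = "ok"
        else:
            verdict = "unexpected"   # not known-bad, but not ours either
        report.append((str(ip), verdict))
    return report


if __name__ == "__main__":
    for name, parsed in (("resolv.conf", parse_resolv_conf(SAMPLE_RESOLV_CONF)),
                         ("ipconfig", parse_ipconfig(SAMPLE_IPCONFIG))):
        for ip, verdict in audit_resolvers(parsed):
            print(f"{name}: {ip} -> {verdict}")
```

An "unexpected" verdict is worth following up even when the address is outside every listed range, since it means the machine is not using the resolvers the network assigns.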
mogs CClip 83
Member 20th Feb, 2012 11:20


--
mogs CClip 84
Member 20th Feb, 2012 15:10

By John Leyden
Posted in ID, 20th February 2012 14:01 GMT

Google is developing a password-generating tool that will bolt into its Chrome browser.

The technology is designed to painlessly create hard-to-guess passwords when users sign up to websites. Whenever a site presents surfers with a field requiring a password, Chrome will display a key icon, giving users the option of allowing the browser to generate the secret for them. This password, provided a user accepts it and it meets the site's security criteria, is reused next time the site is accessed.


Google is positioning the technology as an interim workaround for the well-known shortcomings of asking humans to come up with memorable non-trivial passwords, until more websites support OpenID, which Google views as a long-term solution to the problem.*

The ad brokering giant neatly summarises the pitfalls of password use that make its tool potentially useful:

Passwords are not a very good form of authentication. They are easy to use but they are trivial to steal, either through phishing, malware, or a malicious/incompetent site owner (Gawker, Sony, etc.) Furthermore, since people are so apt to reuse passwords losing one password leaks a substantial amount of your internet identity.

Read more at :-
http://www.theregister.co.uk/2012/02/20/google_bro...

--
mogs CClip 85
Member 20th Feb, 2012 22:33
McAfee to update problem Firefox extension
By Tom Espiner , 20 February, 2012 12:24

McAfee has said it will update a Firefox extension that Mozilla developers had identified as causing performance issues for Firefox users.

The problem is caused by a memory leak in the McAfee Site Advisor add-on, and will be updated around Wednesday this week, McAfee told ZDNet UK sister site CNet.com on Friday.

"McAfee is aware of a memory leak associated with SiteAdvisor 3.4.1 affecting some Firefox 10 users, resulting in a potentially slower than normal browsing experience," McAfee said in the statement. "No data is at risk. The issue has been isolated and resolved, and fix deployment is targeted for the middle of next week."

Read more at :-
http://www.zdnet.co.uk/blogs/security-bullet-in-10...

--
mogs CClip 86
Member 20th Feb, 2012 22:39
HijackThis Goes Open Source

Written by
Desire Athow
20 February, 2012

Security software maker Trend Micro has given its security application, HijackThis, to the open source community, the company announced.

The source code for HijackThis, which was written in VisualBasic, is now available for the developers community at SourceForge.

HijackThis is a popular program produced by Trend Micro that specialises in scanning users' computers for any changes carried out by malware, spyware or other external threats.

The program generates a detailed report after the initial scan that experienced users can exploit to identify any potential threats affecting their systems.


The program's log files are extensively used by security communities all across the world for helping malware victims to detect and eliminate any dangers.



Read more: http://www.itproportal.com/2012/02/20/hijackthis-g...

--
mogs CClip 87
Member 20th Feb, 2012 22:45
Mozilla gives CAs a chance to come clean about certificate policy violations
Mozilla asks CAs to revoke all sub-CA certificates that are used for SSL traffic interception, or face penalties if found out later

By Lucian Constantin

IDG News Service - Mozilla has asked all certificate authorities (CAs) to revoke subordinate CA certificates currently used for corporate SSL traffic management, offering an amnesty to any CAs that had breached Mozilla's conditions for having their root certificates ship with its products.

The request comes after Trustwave recently admitted to issuing a sub-CA certificate to a private company for use in a data loss prevention system.

Sub-CA keys can be used to sign SSL certificates for any domain name on the Internet, which makes them very dangerous if they fall in the wrong hands.

Even though Trustwave argued that the sub-CA key in question was stored in a hardware security module (HSM), making it irretrievable, the fact that such a powerful certificate was issued to a private company that wasn't a certificate authority, represents a violation of Mozilla's policy for CAs.

More at :-
http://www.computerworld.com/s/article/9224406/Moz...

--
mogs CClip 88
Member 21st Feb, 2012 14:54

Microsoft doubles support lifespan for consumer Windows 7, Vista
Will patch Windows 7 until 2020, Vista until 2017


By Gregg Keizer
February 20, 2012 08:23 PM ET
Computerworld - Microsoft has quietly extended support for the consumer versions of Windows 7 and Windows Vista by five years, syncing them with the lifespan of enterprise editions.

The move is part of a revamp of the company's support policies for its operating systems, Microsoft said.

Previously, Microsoft had committed to support consumer software with security updates, and bug and stability fixes, for five years, a period designated as "mainstream" support. Meanwhile, business software was supported for at least 10 years: The first half in mainstream support, the second in "extended" support.

During extended support, Microsoft provides security patches to everyone, but offers other fixes only to organizations that have signed support contracts with Microsoft.

Until the change, Vista's consumer editions -- Home Basic, Home Premium, Starter and Ultimate -- were to be retired from support in less than two months, on April 10, 2012. The new policy extends that date to April 11, 2017.

Read more at :-
http://www.computerworld.com/s/article/9224434/Mic...

--
mogs CClip 89
Member 21st Feb, 2012 15:03


--
mogs CClip 90
Member 21st Feb, 2012 18:04
Researchers defeat video CAPTCHA antispam tests
Security researchers have found a way to beat NuCaptcha video-based security tests that websites use to stop spam bots

By Lucian Constantin
February 21, 2012 09:03 AM ET
IDG News Service - A team of researchers has devised a method to defeat NuCaptcha, one of the most popular video-based antispam tests on the Internet, and have proposed a solution to increase its resilience to attacks.

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart" and is meant to protect websites from automated spam bots.

Most people are familiar with image-based CAPTCHAs that require users to input a string of distorted characters in order to prove that they are human. However, there are also audio and video variants of such tests.

NuCaptcha is a video-based CAPTCHA implementation that uses animation techniques in order to make it harder for spam bots to decipher the characters. Its creators claim that NuCaptcha has the highest usability and security levels of any CAPTCHA on the market.

More at :-
http://www.computerworld.com/s/article/9224439/Res...

--
mogs CClip 91
Member 22nd Feb, 2012 10:20


--
mogs CClip 92
Member 22nd Feb, 2012 10:36
Beta Channel Update
Tuesday, February 21, 2012 | 16:22
Labels: Beta updates


The Beta channel has been updated to 18.0.1025.39 for Windows, Mac, Linux and Chrome Frame platforms

All
Updated V8 - 3.8.9.8
Fixed several crashes (Issues: 111376, 108688, 114391)
Fixed Firefox browser in Import Bookmarks and Settings drop-down (Issue: 114476)
Sync: Sessions aren't associating pre-existing tabs (Issue: 113319)
Fixed All "Extensions" make an entry under the "NTP Apps" page (Issue: 113672)
Windows
Print Dialog Partly Off Screen w/ Windows 7 Vertical Taskbar (Issue: 112614)
"Recently Closed" menu is missing after restarting Chrome (Issue: 110785)
Fixed Garbled text on the SSL chip displayed in the Omnibox (Issue: 114168)
Mac
Fixed Custom cursor decoding with wrong color (Issue: 114598)
Fixed Custom image cursor makes the cursor disappear altogether (Issue: 111027)
Fixed Chrome on dual-GPU NVIDIA/Intel MacBook Pro hangs browser (Issue 113703)
More details about additional changes are available in the svn log of all revisions. If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome

--
mogs CClip 93
Member 22nd Feb, 2012 11:46
5 free Android security apps for your smartphone
These free Android security apps from Symantec, AVG, Avast, and more will not only keep malware away but help find your smartphone when it's missing

By Eric Geier | Computerworld

Read more at :-
http://www.infoworld.com/d/mobile-technology/5-fre...

--
mogs CClip 94
Member 22nd Feb, 2012 11:56
McAfee: Spam in retreat in UK
By Lance Whitney, CNET News, 22 February, 2012 10:41

Spam hit its lowest level in years in the final quarter of 2011, especially across popular targets such as the UK, Brazil, Argentina and South Korea, McAfee has reported.

However, the US and Germany saw their rates inch up slightly. And although spam levels have declined overall, junk mail is still a clear danger because of the increase in spear phishing, or more targeted attacks. In years past, spammers sent their payloads to a slew of random addresses, hoping to ensnare at least a small percentage of users. But now address lists are more accurate, McAfee said in its report (PDF).

Botnets, or computers tricked into running malicious software, surged in growth in November and December following a drop since August. A few countries saw a decline in botnet activity, but most experienced a significant jump, McAfee said.

http://www.zdnet.co.uk/news/security-threats/2012/...

--
mogs CClip 95
Member 22nd Feb, 2012 20:27
Researcher: 200,000 Windows PCs vulnerable to pcAnywhere hijacking
Users aren't patching problem-plagued remote access program; up to 5K point-of-sale systems at risk

By Gregg Keizer
February 22, 2012 12:27 PM ET
Computerworld - As many as 200,000 systems connected to the Internet could be hijacked by hackers exploiting bugs in Symantec's pcAnywhere, including up to 5,000 running point-of-sale programs that collect consumer credit card data, a researcher said today.

The revelations came just four weeks after Symantec took the unprecedented step of telling pcAnywhere users to disable or uninstall the program because attackers had obtained the remote access software's source code.

Several days later, Symantec said it had patched all the known vulnerabilities in pcAnywhere, but declined to declare that the product was safe to use.

According to Rapid7, which prowled the Web looking for pcAnywhere systems, an estimated 150,000-to-200,000 PCs are running an as-yet-unpatched copy of the Symantec software, and are thus vulnerable to be hijacked by remote attacks, which could commandeer the machine's keyboard and mouse, and view what's on the screen.

More at :-
http://www.computerworld.com/s/article/9224481/Res...

--
mogs CClip 96
Member 22nd Feb, 2012 20:32


--
mogs CClip 97
Member 22nd Feb, 2012 20:39
YouPorn Coding Error Exposes Details of a Million Members

Popular pornography streaming website YouPorn has inadvertently exposed the login information of over a million members due to a simple coding flaw.
Discovered and highlighted by Sweden's largest web forum Flashback.org, the exposed information contained usernames, passwords and email addresses - including their sign up date.
According to EuroSecure, the coding gaffe was in the form of a publicly accessible URL on YouPorn's chat subdomain, which listed debug logging - and it's been running since 2007. That means if you have an account on that site that was registered after that date, chances are your details were accessible.
In order to mitigate the backlash over the incident, the chat portion of YouPorn is now down, though the site proper still remains online.


Read more: http://www.itproportal.com/2012/02/22/youporn-codi...

--
mogs CClip 98
Member 23rd Feb, 2012 20:58
Google commits Chrome to support 'Do Not Track'
Do Not Track researcher sees 'great step forward' as last holdout jumps on bandwagon

By Gregg Keizer
February 23, 2012 02:29 PM ET
Computerworld - Google will add support for "Do Not Track" to its Chrome browser by the end of this year.

The move is a reversal for Google, which has resisted supporting the technology that lets users opt out of the online tracking conducted by websites and advertisers.

Google's change of heart came as the White House today pushed a privacy bill of rights and said it would introduce new online privacy legislation in Congress.

Chrome joins other browsers -- Microsoft's Internet Explorer 9 (IE9) and Mozilla's Firefox -- which can already transmit special information with every HTTP page request that tells sites the user does not want to be tracked.

More at :-
http://www.computerworld.com/s/article/9224543/Goo...

--
mogs CClip 99
Member 23rd Feb, 2012 21:10


--
mogs CClip 100
Member 23rd Feb, 2012 21:16


--
mogs CClip 101
Member 23rd Feb, 2012 21:24
Avast Free Antivirus 7 adds cloud updates, file reputation and remote assistance
Avast Free Antivirus version 7 improves existent features and adds several new ones
By Lucian Constantin | 23 February 12

Avast Free Antivirus 7 is set to be released on Thursday and will have new features including cloud-based updates, remote assistance and file reputation.

Avast Free Antivirus is one of the most popular antimalware products for consumers. According to statistics supplied by the vendor, the program has over 150 million active users.

Version 7 has a new remote assistance feature that allows Avast users to help other people who also use the program solve technical or malware-related issues by temporarily taking control of their computers.

The remote assistance sessions are routed through Avast's servers in order to ensure their security and can only be initiated by the users whose computers will be controlled.

When a session is initiated, an 8-digit code gets generated and needs to be communicated to the remote user, Avast Software's chief technology officer Ondrej Vlcek said.

The remote assistance feature doesn't require any special firewall rules or exceptions to work, because it relies only on outbound connections to Avast's server, Vlcek said.

Read more at :-
http://www.pcadvisor.co.uk/news/security/3339778/a...

--
mogs CClip 102
Member 23rd Feb, 2012 22:40


--
mogs CClip 103
Member 24th Feb, 2012 09:36


--
mogs CClip 104
Member 24th Feb, 2012 09:42
Dev Channel Update
Thursday, February 23, 2012 | 16:16
Labels: Dev updates
The Dev channel has been updated to 19.0.1049.3 for Windows, Mac, Linux and Chrome Frame. This build contains the following stability and bug fixes:

All
Updated V8 - 3.9.8.0
Marked the Certum Trusted Network CA as an issuer of extended-validation (EV) certificates.
Fixed importing of bookmarks, history, etc. from Firefox 10+.
Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636, 112676
Mac
Worked around lockups of mid-2010 MacBook Pros (dual NVIDIA/Intel GPUs) running 10.7. Please stress test Flash, WebGL and other GPU accelerated content on such machines and file bugs referencing Issue 113703 if issue persists.
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 105
Member 24th Feb, 2012 09:47
Mozilla is readying an OS agnostic app store

Opening soon
By Dave Neal
Thu Feb 23 2012, 17:36


OPEN SOURCE NON-PROFIT software development outfit Mozilla is working towards an operating system agnostic apps store.
The organisation said that its aims are "people-centric" and will give users and developers a lot more freedom, choice and opportunity when they want to look for apps for several operating systems in one place or develop one application for all available devices.
"The Web is the largest platform in the world. We are enabling the Web to be the marketplace, giving developers the opportunity to play on the biggest playing field imaginable," said Todd Simpson, Mozilla's chief of innovation.
"By building the missing pieces, Mozilla is now unlocking the potential of the Web to be the platform for creating and consuming content everywhere."
The outfit is opening up for developer submissions at Mobile World Congress next week, and there it is looking for apps that ignore confines like devices and operating systems and are based on open web technologies like HTML5, JavaScript and CSS.

More at :-
http://www.theinquirer.net/inquirer/news/2154747/m...

--
mogs CClip 106
Member 24th Feb, 2012 23:59
Open source code quality is as good as proprietary software

Millions of lines of code tested
By Robert Jaques
Fri Feb 24 2012, 10:39

CONFIRMING what many software engineers have suspected for a while, code analysis shows that the quality of open source code matches or exceeds that of proprietary software.
The results come from the 2011 Coverity Scan Open Source Integrity Report (Scan), a public-private sector research project that was initiated by Coverity and the US Department of Homeland Security in 2006. For the project, researchers waded through over 37 million lines of open source software code and over 300 million lines of proprietary software code.
Code from 45 of the most active open source projects in Scan were analysed. The average open source project in Scan has 832,000 lines of code. The average defect density - the number of defects per thousand lines of code - across open source projects in Scan was found to be 0.45.
In addition over 300 million lines of code from 41 proprietary codebases of anonymous Coverity users were analysed. The average codebase had 7.5 million lines of code and the average defect density over the proprietary codebases analysed was found to be 0.64.
According to Coverity, both open source code quality and proprietary code quality, as measured by defect density, was better than the average for the software industry, which is a defect density of 1.0.

More at :-
http://www.theinquirer.net/inquirer/news/2154870/s...

--
mogs CClip 107
Member 25th Feb, 2012 00:07
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 108
Member 25th Feb, 2012 11:47
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Malware grows to the tune of 75 million samples in 2011: McAfee
Security vendor finds malware is still prevalent online despite decline in Q4
By Patrick Budmar | Australian Recruitment Network | 25 February 12

Despite McAfee predicting that unique malware samples would hit 75 million in 2011, the security vendor actually found that the real number actually surpassed that estimate.

The vendor's latest report, McAfee Threats Report: Fourth Quarter 2011, finds that while new malware slowed in Q4, mobile malware was on the rise and experienced its busiest period to date.

McAfee Labs senior vice-president, Vincent Weafer, found the threat landscape in 2011 highly evolved, with a change in the motivation typical for cyber attacks.

"Increasingly, we've seen that no organisation, platform or device is immune to the increasingly sophisticated and targeted threats," he said.

While the good news in the report was that PC-based malware was found to have declined throughout Q4 of 2011, reaching a level that was in fact significantly lower than the same quarter a year earlier, the fact is unique malware samples exceeded 75 million.

More at:-
http://www.pcadvisor.co.uk/news/security/3340078/m...

--
mogs CClip 109
Member 25th Feb, 2012 22:26
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google: New privacy policy to have little impact on enterprise
The company says it will not share data between its enterprise apps and personal Google accounts
By Grant Gross and Juan Carlos Perez | IDG News Service


Google's plan to share user data across its online services will have little effect on users of the company's enterprise, government, and education application suites, the company said.

The rewrite of Google's privacy policies, scheduled to roll out March 1, will not change Google Apps for business, government and education because those applications suites already link services such as email and calendars, Google spokesmen said. If a user of one of those suites logs into a separate personal Google account, such as YouTube or Google+, those services will not share the user's personal information with the enterprise suites, they said.

Google will not establish relationships between users' work accounts and personal accounts, a spokesman said.

More at :-
http://www.infoworld.com/d/applications/google-new...

--
mogs CClip 110
Member 26th Feb, 2012 19:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Analyst: Microsoft won't copy Apple's online-only sales for Windows 8
But may trim upgrade edition count by dropping Ultimate from retail

By Gregg Keizer
February 24, 2012 03:59 PM ET
Computerworld - Microsoft will probably trim the number of Windows 8 editions it will sell later this year, but won't mimic Apple's online-only approach to OS upgrades, a retail sales analyst said today.

In developed countries, including the U.S., Microsoft offers Windows 7 in four SKUs, or editions: Home Premium, Professional, Enterprise and Ultimate. All but Enterprise -- available only to volume licensees such as major corporations -- are sold to the general public.

Evidence uncovered by ZDNet blogger Stephen Chapman -- who found a list of Windows 8 SKUs on a pair of Hewlett-Packard support documents -- hints at just three editions of the upcoming OS: a generic "Windows 8," Professional and Enterprise.

More at :-
http://www.computerworld.com/s/article/9224599/Ana...

--
mogs CClip 111
Member 26th Feb, 2012 20:00
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 112
Member 27th Feb, 2012 13:33
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 113
Member 27th Feb, 2012 15:39
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Wikileaks publishes hacked Stratfor emails

WikiLeaks has published some of the five million emails stolen from security think tank Stratfor.
By Stephen Grey, Reuters, 27 Feb 2012 at 11:03

Anti-secrecy group WikiLeaks has gone public with emails stolen from a US-based global security analysis company that has been likened to a shadow CIA.

The emails - which number five million in total and were snatched by hackers - could unmask sensitive sources and throw light on the murky world of intelligence-gathering by the company known as Stratfor, which counts Fortune 500 companies among its subscribers.

Having had our property stolen, we will not be victimised twice by submitting to questioning about them.
Stratfor in a statement shortly after midnight EST (0500 GMT) said the release of its stolen emails was an attempt to silence and intimidate it.

More at :-
http://www.itpro.co.uk/639154/wikileaks-publishes-...

--
mogs CClip 114
Member 27th Feb, 2012 21:06
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 115
Member 28th Feb, 2012 12:37
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK

Free tool silently updates most Windows software
Secunia's PSI 3.0 hits beta, eliminates the need to run scads of update services

By Gregg Keizer
February 27, 2012 03:22 PM ET
Computerworld - Danish security company Secunia today released a beta version of its PSI 3.0 utility that automatically downloads updates for Windows programs and plug-ins created by thousands of third-party vendors.

Personal Software Inspector (PSI) 3.0, the latest in Secunia's line of out-of-date-software scanners, will ship in final form this June.

Secunia pitched PSI 3.0 as a silent update mechanism for Windows software whose makers, unlike Microsoft and a few other developers, have not created a background tool to keep their programs up-to-date.

"The new version...offers extended automatic patching using the Secunia Package System (SPS), thereby removing the dependency on vendors providing silent installers," said Secunia in a statement.

SPS is Secunia's proprietary tool for creating customized installation packages, and was borrowed from the company's enterprise utility, Corporate Software Inspector.

PSI 3.0 scans a user's Windows PC and examines a slew of files -- primarily .exe, .dll and .ocx files -- to collect meta-data recorded on the hard drive by vendors when one of the applications or other programs are installed. The utility then ships that data to Secunia's servers, where it's matched against a list of file signatures.

When the signatures on a PC don't match those on Secunia's list, PSI 3.0 interprets that as indicating out-of-date software. PSI then assembles the required updates, pushes them to the machine and installs them.

Some user interaction may be required -- when Computerworld ran PSI 3.0 on Windows 7, it asked to identify the language edition of Firefox that should be installed -- but for the most part it's a fire-and-forget tool. There are no settings to modify, for example, and the utility automatically scans the system every seven days.

Secunia hopes that PSI plugs holes left open by users who don't regularly patch all the programs on their PCs.

"We are aiming to make PSI 3.0 the only tool that users need to keep all their software up-to-date," Thomas Kristensen, Secunia's chief security officer, said in a statement today.

Secunia has hammered the update message for years, most recently with a report earlier this month that said the typical PC user has to master 11 different update mechanisms in addition to the one that Microsoft provides

http://www.computerworld.com/s/article/9224656/Fre...

--
mogs CClip 116
Member 28th Feb, 2012 12:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 117
Member 28th Feb, 2012 13:04
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Google offers hackers a cool $1m to crack Chrome

A full-blown Chrome exploit is worth $60,000
By Robert Jaques
Tue Feb 28 2012, 11:15

SOFTWARE DEVELOPER Google has thrown down the gauntlet to white-hat hackers by offering up to $60,000 to anyone who can engineer a fully functional exploit that punches a security hole in its Chrome web browser.
The search giant has once again chosen the Cansecwest security conference to announce the competition, noting that developing a fully functional exploit is "significantly more work" than finding and reporting a potential security bug.
Posting on the Google Chrome Security Blog, Chris Evans and Justin Schuh from the Google Chrome Security Team explained that the aim of the sponsorship is simple. They said, "We have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users."
Somewhat perversely, the team added that the fact that Chrome is not receiving exploits means that it is actually harder to improve the platform. So to address this and maximise the chances of receiving exploits this year, the search company has dug deep to put up a cool $1 million worth of rewards. The top individual prize of $60,000 will be paid for a full Chrome exploit using only bugs in Chrome to deliver Windows 7 local OS user account persistence

More at :-
http://www.theinquirer.net/inquirer/news/2155574/g...

--
mogs CClip 118
Member 29th Feb, 2012 06:24
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Dev Channel Update
Tuesday, February 28, 2012 | 16:23
Labels: Dev updates
The Dev channel has been updated to 19.0.1055.1 for Windows, Mac, Linux and Chrome Frame. This build contains stability fixes and updated V8 to 3.9.11.0. Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome

--
mogs CClip 119
Member 29th Feb, 2012 06:35
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 120
Member 29th Feb, 2012 06:45
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
mogs CClip 121
Member 29th Feb, 2012 20:40
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Windows 8 on ARM on track, Microsoft says
Microsoft released the consumer preview of Windows 8 at an event in Barcelona

By Nancy Gohring
February 29, 2012 11:49 AM ET
IDG News Service - Anyone can take Windows 8 for a spin now that Microsoft has launched the so-called "consumer preview" version of the software at an event in Barcelona on Wednesday.

The company said that ARM processor reference designs for Windows 8 are in testing and making the same progress as those running on X86 chips. This is the first time that Windows will run on ARM, widely used in smartphones and tablets. Given the progress that Microsoft said it is making, some company observers think Windows 8 will likely launch this year.

Executives at the launch event stressed that Windows 8 was built to work on a wide variety of devices. "The goal should be that the OS should scale with you," said Steven Sinofsky, president of the Windows and Windows Live Division at Microsoft.

More at :-
http://www.computerworld.com/s/article/9224762/Win...

--
mogs CClip 122
Member 29th Feb, 2012 20:52
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


FEBRUARY 29, 2012
Secunia pushes security patches without vendor consent
Secunia plans to package PC security updates in single automatic mechanism -- whether software companies like it or not

By Robert Lemos | InfoWorld


Staying current with patches and updates is a key component of keeping a computer secure, but the majority of workers are not diligent about updating their home computers. In the age of consumers using their own devices and cloud services in the workplace, the lack of up-to-date software can pose a security problem for companies.

Part of the problem is that consumers' default behavior is to click no to any update request. In addition, the dozen vendors that make the most popular 50 programs found on desktops have a hodgepodge of update mechanisms, making it difficult for users to know the status of their systems, says security firm Secunia. While 72 percent of vulnerabilities reported in 2011 had a readily available patch at the time of public announcement, about half of all endpoints have one or more unpatched vulnerabilities, the company says.

"If (updating) requires more than a simple OK, then users won't do it," says Thomas Kristensen, chief security officer for Secunia.

On Monday, Secunia announced a new simplified version of its Personal Software Inspector that will package security updates from the most popular software vendors into a single automated update mechanism. The approach is controversial because the company is not first asking developers for permission.

"For years, we have tried to push out information on patch levels so that software companies would have better updates," says Kristensen. "The vendors failed to commit."

Wrapping an update in a tailored installer has caused controversy in the past, mainly because firms repackaging software often did it for non-altruistic reasons. Late last year, security experts took CNET's Download.com to task for bundling other companies' software with the installers for open source applications.

Yet for a personal computer to stay atop patching schedules, the software vendor must already have an automated update process or a service must repackage the updates, says Kristensen. The technique is baked into almost every Linux distribution, for example, allowing users to refresh all software on the system with a single utility.

Secunia plans to question any software vendor that takes issue with its automatic update service as to why the developer does not automatically update users on its own. Microsoft and Adobe, for example, both already automatically patch their users.

Secunia plans to seek out partners, such as Internet service providers and banks, that want to increase the security of their users. In addition, the lessons that Secunia learns from its free PSI 3.0 product will make their way into its enterprise security product.

http://www.infoworld.com/t/security-management/sec...

--
mogs CClip 123
Member 29th Feb, 2012 23:18
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
The Raspberry Pi computer goes on general sale

A credit-card sized computer designed to help teach children to code has gone on sale for the first time.

The Raspberry Pi is a bare-bones, low-cost computer created by volunteers mostly drawn from academia and the UK tech industry.

Sold uncased without keyboard or monitor, the Pi has drawn interest from educators and enthusiasts.

Supporters hope the machines could help reverse a lack of programming skills in the UK.

"It has been six years in the making; the number of things that had to go right for this to happen is enormous. I couldn't be more pleased," said Eben Upton of the Raspberry Pi Foundation which is based in Cambridge.

More at :-
http://www.bbc.co.uk/news/technology-17190918

--
mogs RE: Daily CYBERCLIPS February
Member 1st Mar, 2012 08:48
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK
Thankyou for your support.

This thread is now closed

Please see CYBERCLIPS for March at :-
http://secunia.com/community/forum/thread/show/122...

--
